1996-08-29 - Re: MSIE cryptography

Header Data

From: “Peter Trei” <trei@process.com>
To: cypherpunks@toad.com
Message Hash: 812d6dc82def4039e7ad9faeb39efd8471f4c06a5fb3f34953985fb4b1008f20
Message ID: <199608291427.HAA18951@toad.com>
Reply To: N/A
UTC Datetime: 1996-08-29 17:17:22 UTC
Raw Date: Fri, 30 Aug 1996 01:17:22 +0800

Raw message

From: "Peter Trei" <trei@process.com>
Date: Fri, 30 Aug 1996 01:17:22 +0800
To: cypherpunks@toad.com
Subject: Re: MSIE cryptography
Message-ID: <199608291427.HAA18951@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


John Hemming - CEO MarketNet"  <johnhemming@mkn.co.uk> writes:

> Just downloaded the most recent English Version 2.1 for Windows 3.1.
> This does appear to do the same in terms of no encryption at all after
> the server hello.
> 
> To be fair to Microsoft the number of cycles performed for the private key
> echange is quite high.  Therefore, not having any key and not doing the
> RSA calculations makes the access quite a bit faster.
> 
> The older versions (and some Win95 versions) that we have found around
> seem to just crash our server.  I am not really feeling like debugging that.

I understand that some versions of MSIE support SSL level 3. SSL3 includes a
capability to switch 'cipher suites' in mid-session, or pick one at the start of the
session. One of the standard cipher suites performs authentication, but not 
encryption. This is consistant with your description.

Please ensure that the server you are connecting to is not configured for
authenticate-only. It would be a pity to raise a big ruckus over what may be
just a mis-configured server.

Peter Trei
trei@process.com







Thread