Netscape MANAGEMENT SYSTEM 6.2 - ADMINISTRATOR Administrator's Manual page 832

Ciphers Used with SSL
Which cipher suites a particular organization enables depends on trade-offs
among the sensitivity of the data involved, the speed of the
cipher, and the applicability of export rules.
Some organizations may want to disable the weaker ciphers to prevent SSL
connections with weaker encryption. However, due to U.S. government
restrictions on products that support anything stronger than 40-bit encryption,
disabling support for all 40-bit ciphers effectively restricts access to network
browsers that are available only in the United States (unless the server involved
has a special Global Server ID that permits the international client to "step up" to
stronger encryption).
To serve the largest possible range of users, it's a good idea for administrators to
enable as broad a range of SSL cipher suites as possible. That way, when a domestic
client or server is dealing with another domestic server or client, respectively, it
will negotiate the use of the strongest ciphers available. And when a domestic
client or server is dealing with an international server or client, it will negotiate the
use of those ciphers that are permitted under U.S. export regulations.
However, since 40-bit ciphers can be broken relatively quickly, administrators
whose user communities can use stronger ciphers without violating export
restrictions should disable the 40-bit ciphers if they are concerned about access to
data by eavesdroppers.
NOTE
Netscape Console does not support all of the cipher suites
supported by Netscape clients and servers. To ensure that Netscape
Console can control an SSL-enabled server, the server must enable
at least one of the following cipher suites for SSL 3.0:
RC4 with 128-bit encryption and MD5 message authentication
RC4 with 40-bit encryption and MD5 message authentication
RC2 with 40-bit encryption and MD5 message authentication
No encryption, MD5 message authentication only
Cipher Suites With RSA Key Exchange
Table K-1 lists the cipher suites supported by SSL that use the RSA key-exchange
algorithm. Unless otherwise indicated, all ciphers listed in the table are supported
by both SSL 2.0 and SSL 3.0. Cipher suites are listed from strongest to weakest.
Netscape Certificate Manager System Administrator's Guide • June 2003
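A check of the two constraints on this page against a server's enabled-suite list: the 40-bit suites (and, as an assumption here, the no-encryption suite) are dropped as the hardening advice suggests, then the Netscape Console requirement from the NOTE is re-tested. This is an added example, not part of the Netscape manual; the SSL 3.0 suite identifiers are assumed names for the suites the NOTE describes in words, and both sample configurations are constructed.

```python
import re

# SSL 3.0 names assumed for the four suites the NOTE describes in words.
CONSOLE_SUITES = {
    "SSL_RSA_WITH_RC4_128_MD5",            # RC4, 128-bit, MD5
    "SSL_RSA_EXPORT_WITH_RC4_40_MD5",      # RC4, 40-bit, MD5
    "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5",  # RC2, 40-bit, MD5
    "SSL_RSA_WITH_NULL_MD5",               # no encryption, MD5 only
}

def key_bits(suite):
    """Encryption key size in bits, parsed from an SSL 3.0 suite name."""
    cipher = suite.split("_WITH_", 1)[1]
    if cipher.startswith("NULL"):
        return 0
    m = re.search(r"(?:_|DES)(\d+)_", cipher)  # RC4_128, RC2_CBC_40, DES40
    if m:
        return int(m.group(1))
    if cipher.startswith("3DES_EDE"):
        return 168
    if cipher.startswith("DES"):
        return 56
    raise ValueError(f"unrecognized cipher in {suite!r}")

def audit(enabled, weak_max_bits=40):
    """Apply the page's hardening advice, then re-check the Console rule."""
    weak = sorted(s for s in enabled if key_bits(s) <= weak_max_bits)
    hardened = [s for s in enabled if s not in weak]
    return {
        "weak": weak,
        "hardened": hardened,
        "console_ok_before": bool(CONSOLE_SUITES & set(enabled)),
        "console_ok_after": bool(CONSOLE_SUITES & set(hardened)),
    }

# Constructed sample configurations (not taken from a real server).
BROAD = [
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "SSL_RSA_WITH_RC4_128_MD5",
    "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    "SSL_RSA_WITH_NULL_MD5",
]
SHA_ONLY = ["SSL_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_DES_CBC_SHA"]

if __name__ == "__main__":
    for name, cfg in (("BROAD", BROAD), ("SHA_ONLY", SHA_ONLY)):
        print(name, audit(cfg))
```

Once the 40-bit and no-encryption suites are removed, RC4 with 128-bit encryption and MD5 is the only suite from the NOTE left, so it has to stay enabled for Netscape Console to keep control of the server.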