sfs8 pt1
Charles Lindsey
ukcrypto at chiark.greenend.org.uk
Tue, 23 Sep 2008 12:19:06 +0100
On Mon, 22 Sep 2008 19:31:39 +0100, Dave Howe <DaveHowe@gmx.co.uk> wrote:
> I did a bit more testing and paid more attention. I took a look at
> exactly what was happening and it looks like FF (checked 2.x and 3.x)
> works fine, but IE (any version from 6 up to 8b2) doesn't.
>
> It also appears to be a feature of the *browser*'s preferred list,
> rather than the server.
>
> From this list, Apache selects the third (I am assuming the first two
> aren't supported by Apache) - 0x0039
>
> So my guess is - at least in this instance, the server starts at the top
> of the list presented by the client, and takes the first one that it
> encounters that is on its supported list. In this case, that is a
> non-DHE suite for IE, but a DHE one for Firefox - hence the difference
> in captures.
Well, in that case, I would regard it as the server's fault, since it
ought to consider all of the offerings and choose the most secure,
according to some internal ranking which it should have.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl@clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
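
The two selection policies discussed in this thread, as an added example that is not part of the original messages: the client-order behaviour guessed at in the quoted text, beside the server-ranked choice argued for in the reply. The server ranking and both client offers are constructed for illustration (only 0x0039 appears in the thread); the suite names are the IANA ones for those code points.

```python
import struct

# IANA TLS cipher suite code points; only 0x0039 is mentioned in the thread.
NAMES = {
    0xC00A: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
}

# Hypothetical server ranking, most preferred first (DHE ahead of static RSA).
SERVER_RANKING = [0x0039, 0x0033, 0x0035, 0x002F, 0x0005, 0x0004]

def parse_cipher_suites(vector):
    """Decode a ClientHello cipher_suites vector: 2-byte length, then 2-byte code points."""
    if len(vector) < 2:
        raise ValueError("truncated length field")
    (length,) = struct.unpack("!H", vector[:2])
    body = vector[2:]
    if length != len(body) or length % 2:
        raise ValueError("malformed cipher_suites vector")
    return list(struct.unpack(f"!{length // 2}H", body))

def pick_client_order(offer, supported):
    """First suite in the client's order that the server supports."""
    return next((s for s in offer if s in supported), None)

def pick_server_ranked(offer, ranking):
    """Server's highest-ranked suite among those the client offered."""
    offered = set(offer)
    return next((s for s in ranking if s in offered), None)

def is_ephemeral(suite):
    """True for DHE/ECDHE key exchange; None means no common suite."""
    return suite is not None and "DHE_" in NAMES[suite]

# Constructed sample offers, not the captures from the thread.
CLIENT_A = bytes.fromhex("000a" "0004" "0005" "002f" "0035" "0039")  # static RSA listed first
CLIENT_B = bytes.fromhex("0008" "c00a" "c014" "0039" "0035")          # DHE suite in third place

if __name__ == "__main__":
    for label, raw in (("A", CLIENT_A), ("B", CLIENT_B)):
        offer = parse_cipher_suites(raw)
        for policy in (pick_client_order, pick_server_ranked):
            chosen = policy(offer, SERVER_RANKING)
            print(label, policy.__name__, NAMES.get(chosen), is_ephemeral(chosen))
```

In Apache mod_ssl, the server-ranked behaviour is what the `SSLHonorCipherOrder on` directive enables.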