• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Detecting 128 bit Capability

 
Ranch Hand
Posts: 318
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
There are websites (banking sites come to mind) where they check to see if you browser can do 128 bit encryption. OK, how can you do this? I know this:
1.) I can tell if you have a 40 bit or 128 bit Netscape browser.
but DON'T know:
if you've got 128 bit encryption turned OFF on your 128 bit browser.
2.) I can also tell if you have a browser that is supposed to have 128 bit encryption in terms of IE and Netscape. I can make that determination. But with IE it's tricky because on the boundary (around 4.0) some do and some don't.
My thin is, I want to disallow any HTTPS where the intial SSL handshake is less than 128 bit encryption. Is this possible? If so, how? I want it to be very robust, so if your answer is: if it's IE 4.0 or better and Netscape 4.7 or better, you're okay, well, thanks, but I'm looking for a better way.
Any suggestions would be REALLY appreciated.
With Respect,
Matt
 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Matt,
do you mind to send me the code on how to detection the browser encryption level both for netscape and IE.
Thanks
heatherwu@mailcity.com
 
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Matt,
If don't have any trouble , then can u please send me how to
detecte the browser encryption level both for netscape and IE.
Thanks
MANOJ.
manoj.bagul@rxbazaar.com
 
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Matt,
I was aslo looking for the same problem how to encrypt the passwords and credit card numbers with 128 bit encryption for IE. WOuld you mind helping me how you have solved your problem.
thanx
regards
prabhakar
 
Ranch Hand
Posts: 18944
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If you're using a Servlet 2.3 compliant server, then you should look into the following request attributes:
  • String cipherSuite = (String)req.getAttribute("javax.servlet.request.cipher_suite");
  • Integer keySize = (Integer)req.getAttrbute("javax.servlet.request.key_size");

  • Prior to 2.3, different vendors may provide different attributes, but this was not standardized.
    A useful link: http://java.sun.com/j2se/1.4/docs/guide/security/jsse/JSSERefGuide.html
    ------------------
    Miftah Khan
    - Sun Certified Programmer for the Java� 2 Platform
    - Sun Certified Web Component Developer for the Java� 2 Platform, Enterprise Edition
 
reply
    Bookmark Topic Watch Topic
  • New Topic