posted 22 years ago
There are websites (banking sites come to mind) where they check to see if you browser can do 128 bit encryption. OK, how can you do this? I know this:
1.) I can tell if you have a 40 bit or 128 bit Netscape browser.
but DON'T know:
if you've got 128 bit encryption turned OFF on your 128 bit browser.
2.) I can also tell if you have a browser that is supposed to have 128 bit encryption in terms of IE and Netscape. I can make that determination. But with IE it's tricky because on the boundary (around 4.0) some do and some don't.
My thin is, I want to disallow any HTTPS where the intial SSL handshake is less than 128 bit encryption. Is this possible? If so, how? I want it to be very robust, so if your answer is: if it's IE 4.0 or better and Netscape 4.7 or better, you're okay, well, thanks, but I'm looking for a better way.
Any suggestions would be REALLY appreciated.
With Respect,
Matt