|
|
On Sat, 16 Jul 2005 11:16:16 +1200, Brian L Johnson
<no.email@xxxxxxxxxxxxxxx> wrote:
I'm signing up with another ISP. I end up at a page on the ISP's site:
http://www.plus.net/products/option.html?type=plus&speed=2000&hardware=usb&contract=FreeActivationAnnual&js=1
and I click on the "Buy Now" link.
Opera 8.02 then tells me that the page is using outdated encryption.
Specifically, TLS v1.0 128 bit ARC4 (512 bit RSA/SHA)
However, if I visit that page with IE or FF, they both say that the
certificate is SSL 3.0.
Why would Opera consider that TLS is inferior to SSL?
And why does Opera 8 get TLS anyway, when other browsers get SSL?
LLS 1.0 = SSL 3.0 (I think IE renamed it because people were thinking TLS
1.0 < SSL 2.0)
The reason Opera is warning is the key length. 128 bit with a 512 bit key
isn't very strong (if you have the computing power of the NSA it's
trivial). The key should be 768 or 1024-bit - AFAIK they haven't been
cracked yet.
--
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
|
|