允许ssl采用中强度加密_SSL和加密强度

允许ssl采用中强度加密

I recently had the chance to speak with Andrew Kennard of Thawte (www.thawte.com), who answered some questions regarding ssl and browser encryption as a follow up to my recent column Securing Apache 2 with SSL.

最近，我有机会与Thawte( www.thawte.com )的Andrew Kennard进行了交谈 ，他回答了有关ssl和浏览器加密的一些问题，作为我最近的专栏“ 使用SSL保护Apache 2的安全性”的后续内容。

As a preface to Andrew’s comments – it should be noted that the use of older 40 and 56-bit encryption browsers is declining internationally as newer, low costs machines with the latest browsers are purchased. However, Kennard does have a valid point in bringing this to our attention.

作为安德鲁评论的序言–应该注意的是，随着购买了具有最新浏览器的新型低成本机器，国际上使用较旧的40位和56位加密浏览器的趋势正在下降。 但是，肯纳德确实有一个要点引起我们注意。

An assumption I made in the article that caught Andrew’s attention was my failure to mention that the encryption level even of a 128-bit SSL certificate can vary depending upon the browser accessing the secure server.

我在这篇文章中引起安德鲁注意的一个假设是，我没有提到一个128位SSL证书的加密级别可能会根据浏览器访问安全服务器而有所不同。

“This means that users may connect at 40-bit, 56-bit or 128-bit depending on the browser version they are using,” he said.

他说：“这意味着用户可以根据他们使用的浏览器版本以40位，56位或128位连接。”

The majority of digital certificates operate in this manner — providing a supported encryption connection from browser to server and back.

大多数数字证书都以这种方式运行-提供从浏览器到服务器再到服务器之间受支持的加密连接。

“It is important to understand this distinction as many CAs promote their certificates as 128-bit when in fact they will support sessions of varying encryption strength (128-bit being the strongest possible level of encryption),” Kennard added.

Kennard补充说：“了解这种区别很重要，因为许多CA实际上会支持不同强度的会话(128位是最强的加密级别)，因此它们会将证书升级为128位。”

Some History

一些历史

Past US legislation prohibited the export of 128-bit encryption technology, which resulted in the browsers, which Kennard called ‘export’ browsers, that support 40-bit and 56-bit encryption.

过去的美国立法禁止出口128位加密技术，这导致浏览器被Kennard称为“导出”浏览器，该浏览器支持40位和56位加密。

In 1997, the US government repealed its ban on 128-bit encryption. Today however, there are still significant numbers of export version browsers in use, mainly internationally but also in the United States.

1997年，美国政府废除了对128位加密的禁令。 但是，今天，仍在使用大量的出口版本浏览器，主要是在国际上，在美国也是如此。

Server Gated Cryptography

服务器门控密码术

According to Kennard, CA’s responded by developing Server Gated Cryptography, which steps up ‘export’ browsers to 128-bit encryption.

根据Kennard的说法，CA的回应是开发了服务器门加密技术，该技术将“导出”浏览器提高到128位加密。

“Only a handful of CAs supply these certificates, so if you require the 128-bit encryption step-up capability, make sure you ask for SGC technology,” Kennard said.

Kennard说：“只有少数CA提供这些证书，因此，如果您需要128位加密升级功能，请确保您要求使用SGC技术。”

Specialized Industry Needs

专业行业需求

Kennard believes that SGC could also address the needs of companies in industries with legal or regulatory requirements to run strong encryption.

Kennard认为，SGC还可以满足具有法律或法规要求的行业中公司的需求，以运行强加密。

“In this case the use of SGC enabled certificates would be the product of choice (rather than a standard digital certificate) as the SGC certificate represents the most proactive attempt to ensure that 128-bit encryption requirement is adhered to,” he added.

他补充说：“在这种情况下，使用SGC启用的证书将是首选产品(而不是标准数字证书)，因为SGC证书代表了确保遵守128位加密要求的最积极尝试。”

翻译自: https://www.sitepoint.com/ssl-and-encryption-strength/

允许ssl采用中强度加密