• Post Reply Bookmark Topic Watch Topic
  • New Topic

Detecting 128 bit Capability  RSS feed

 
Matt DeLacey
Ranch Hand
Posts: 318
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There are websites (banking sites come to mind) where they check to see if you browser can do 128 bit encryption. OK, how can you do this? I know this:
1.) I can tell if you have a 40 bit or 128 bit Netscape browser.
but DON'T know:
if you've got 128 bit encryption turned OFF on your 128 bit browser.
2.) I can also tell if you have a browser that is supposed to have 128 bit encryption in terms of IE and Netscape. I can make that determination. But with IE it's tricky because on the boundary (around 4.0) some do and some don't.
My thin is, I want to disallow any HTTPS where the intial SSL handshake is less than 128 bit encryption. Is this possible? If so, how? I want it to be very robust, so if your answer is: if it's IE 4.0 or better and Netscape 4.7 or better, you're okay, well, thanks, but I'm looking for a better way.
Any suggestions would be REALLY appreciated.
With Respect,
Matt
 
heather0527 wu
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Matt,
do you mind to send me the code on how to detection the browser encryption level both for netscape and IE.
Thanks
heatherwu@mailcity.com
 
manoj bagul
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Matt,
If don't have any trouble , then can u please send me how to
detecte the browser encryption level both for netscape and IE.
Thanks
MANOJ.
manoj.bagul@rxbazaar.com
 
varkala prabhakar
Ranch Hand
Posts: 54
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Matt,
I was aslo looking for the same problem how to encrypt the passwords and credit card numbers with 128 bit encryption for IE. WOuld you mind helping me how you have solved your problem.
thanx
regards
prabhakar
 
Anonymous
Ranch Hand
Posts: 18944
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you're using a Servlet 2.3 compliant server, then you should look into the following request attributes:
  • String cipherSuite = (String)req.getAttribute("javax.servlet.request.cipher_suite");
  • Integer keySize = (Integer)req.getAttrbute("javax.servlet.request.key_size");

  • Prior to 2.3, different vendors may provide different attributes, but this was not standardized.
    A useful link: http://java.sun.com/j2se/1.4/docs/guide/security/jsse/JSSERefGuide.html
    ------------------
    Miftah Khan
    - Sun Certified Programmer for the Java� 2 Platform
    - Sun Certified Web Component Developer for the Java� 2 Platform, Enterprise Edition
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!