Hi,

> There are only limited repercussions, the SSL that was broken was the 40
> bit key exportable version that NetScape are forced to sell to non US
> citizens. The domestic version uses 128 bit keys and so is virtually
> impossible to break. The real problem is the US ITAR export laws, they
> cripple US industry by forcing them to sell inferior products internationally
> thus putting them at a large commercial disadvantage.
>
> Normal SSL is fine, the exportable version has been crippled and thus you
> are at risk of someone with access to significant computing power. If the
> SSL connections were allowed to be conducted with full security then there
> would not be a problem.

Netsite can be configured to not support the crippled RC4/RC2 methods, which is the way we've chosen to run it for security reasons. It means that you have to get the non-exportable version of Netscape, but that's not really a big deal.

If anyone is interested, Netscape's Commerce Server can be set to use a combination of the following:

    RC4 (128 bits)
    RC4 (40 bits)
    RC2 (128 bits)
    RC2 (40 bits)
    IDEA (128 bits)
    DES (64 bits)
    DES with EDE 3 (192 bits)

It's implied in the documentation that the client (browser) and server negotiate an encryption method for a session.

As for which of the non-crippled ciphers are better, I have no idea. Anyone reading this know what 'DES with EDE 3' is?

Later.

--
/* Scott McClung
 * Software Engineer/UNIX System Administrator, SAIC
 * mcclung@imt.saic.com
 * mcclung@nawc690.chinalake.navy.mil
 */
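The configuration choice described in the message above, as an added example that is not part of the original post and not Netscape's code: a simplified model of cipher negotiation showing what disabling the 40-bit RC4/RC2 entries changes for each kind of browser. The client offer lists and the "first server-enabled cipher the client also offers" selection rule are assumptions made for illustration.

```python
# Simplified model of cipher negotiation (illustration, not the SSL wire protocol).
# Cipher names and nominal key sizes are the ones listed in the message.
SERVER_CIPHERS = [
    ("RC4", 128), ("RC4", 40), ("RC2", 128), ("RC2", 40),
    ("IDEA", 128), ("DES", 64), ("DES with EDE 3", 192),
]
EXPORT_GRADE = {("RC4", 40), ("RC2", 40)}

# Constructed client offers (assumption): the exportable browser only has
# the 40-bit ciphers, the non-exportable one also has the 128-bit ones.
EXPORT_CLIENT = [("RC4", 40), ("RC2", 40)]
DOMESTIC_CLIENT = [("RC4", 128), ("RC2", 128), ("RC4", 40), ("RC2", 40)]


def server_config(disabled=frozenset()):
    """Enabled cipher list, in server order, minus the disabled set."""
    return [c for c in SERVER_CIPHERS if c not in disabled]


def negotiate(enabled, client_offer):
    """First server-enabled cipher the client also offers (assumed rule).

    Returns None when there is no overlap, i.e. the session is refused.
    """
    offered = set(client_offer)
    return next((c for c in enabled if c in offered), None)


def weakest_possible(enabled, clients):
    """Smallest key size any of the given clients can end up with."""
    results = [negotiate(enabled, offer) for offer in clients]
    bits = [c[1] for c in results if c is not None]
    return min(bits) if bits else None


if __name__ == "__main__":
    clients = {"export": EXPORT_CLIENT, "domestic": DOMESTIC_CLIENT}
    for label, enabled in (("all enabled", server_config()),
                           ("40-bit disabled", server_config(EXPORT_GRADE))):
        for name, offer in clients.items():
            print(f"{label:16} {name:9} -> {negotiate(enabled, offer)}")
        print(f"{label:16} weakest session: "
              f"{weakest_possible(enabled, clients.values())} bits")
```

With every cipher enabled the weakest session a client can end up with is 40 bits; with the two export-grade entries disabled the exportable browser gets no session at all, which is the trade-off the message accepts.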