Does anyone know if it's possible to detect the max key size of a browser that is connecting to a site? I'd like to limit connections on my secure site to browsers with 128-bit encryption.

Thanks,
Gord

    You can't detect the maximum key size, only the key size in use.

    I'm assuming you're using Apache here - if not, these tips won't apply.

    Set the

    SSLOptions +StdEnvVars

    on .php files as necessary, then the vars described in this page will be available:

    http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#envvars

    You can also use the highly flexible SSLRequire directive to require a session key of a given size.

    SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128

    If applied to a directory or given resource, this may cause Apache to try to renegotiate the SSL session to get a bigger key size. You can also assert this somehow on the entire virtual host, in which case I believe key sizes < 128 will then be refused totally.

    There are also heaps and heaps of other options.

    Mark
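
The two directives from the reply above, placed in a complete virtual host. This is an added example, not configuration posted by anyone in the thread; the hostname, paths and the `SSLCipherSuite` line are assumptions.

```apache
# Constructed example: secure.example.com and all paths are placeholders.
<VirtualHost *:443>
    ServerName secure.example.com
    DocumentRoot /var/www/secure

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/secure.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/secure.example.com.key

    # Assumption, not from the thread: limiting the ciphers offered for the
    # whole virtual host makes the handshake fail for clients that share no
    # cipher in the list. HIGH is OpenSSL's alias for its strong cipher
    # suites (128-bit keys and larger); the ! entries drop suites with no
    # authentication or no encryption.
    SSLCipherSuite HIGH:!aNULL:!eNULL

    # Export the SSL_* variables (SSL_CIPHER, SSL_CIPHER_USEKEYSIZE, ...)
    # to PHP scripts only; mod_ssl leaves this off by default for
    # performance reasons.
    <FilesMatch "\.php$">
        SSLOptions +StdEnvVars
    </FilesMatch>

    # Per-directory check on the key size actually in use for the session.
    # Requests that do not satisfy the expression are denied.
    <Directory "/var/www/secure/account">
        SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
    </Directory>
</VirtualHost>
```

The linked documentation is for Apache 2.2; in Apache 2.4 `SSLRequire` is deprecated in favour of `Require expr`.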
