Detecting Browser SSL Key Size

gjewett

Does anyone know if it's possible to detect the max key size of a browser that is connecting to a site? I'd like to limit connections on my secure site to browsers with 128bit encryption.

Thanks,
Gord

MarkR

You can't detect the maximum key size, only the key size in use.

I'm assuming you're using Apache here - if not, these tips won't apply.

Set the

SSLOptions +StdEnvVars

On .php files as necessary, then the vars described in this page will be available:

http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#envvars

You can also use the highly flexible SSLRequire directive to require a session key of a given size.

SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128

If applied to a directory or given resource, this may cause Apache to try to renegotiate the SSL session to get a bigger key size. You can also assert this somehow on the entire virtual host, in which case I believe key sizes < 128 will then be refused totally.

There are also heaps and heaps of other options.

Mark