How to test your browser's encryption level

Discussion in 'other security issues & news' started by bellgamin, Sep 30, 2004.

Thread Status:
Not open for further replies.
  1. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    The link below will take you to Fortify -- an SSL-secured website that tests your browser's type of encryption. Fortify's site will tell you the actual type of encryption your browser is using, and provide commentary on the strength of that type of encryption.

    One thing -- my browser (K-meleon) grumbled that the name on Fortify's SSL license is slightly different from the name of their website. Here's the link...
    http://www.fortify.net/sslcheck.html
     
    bellgamin, Sep 30, 2004
    #1
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Thanks for the link Bellgamin, using Avant browser I get this:

    "You have connected to this web server using the RC4-MD5 encryption cipher with a secret key length of 128 bits".

    Cheers. Pilli :)
     
    Pilli, Sep 30, 2004
    #2
  3. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    Firefox told me that the security certificate of the site expired sometime in 2001. I dunno anything more; just tellin' ya what happened when I "clicka da link" and then I hit "cancel."
     
    Detox, Sep 30, 2004
    #3
  4. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    480
    Location:
    Dallas, TX
    Yep, they need to renew their SSL certificate. It has expired.

    BTW, if you are running IE, you can check out active encryption levels at any time you are connected via SSL by simply right clicking on the webpage in question and selecting properties. Next to "Connection" in the property page will be something like: "SSL 3.0, RC4 with 128 bit encryption (High); RSA with 1024 bit exchange". I'm sure that the alternative browsers offer something similar if not identical.

    Checking on a per page basis is preferable than using something like this site, because I believe the SSL protocol can be negotiated between the client and server... so just because your browser is capable of given algorithm or key length does not necessarily mean that is what ends up being used on a particular site if the other endpoint supports some lesser standard. So, if you are really concerned about such things, you should always check the actual connection properties of the SSL site you are interested in using.
     
    Alec, Sep 30, 2004
    #4
  5. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I couldn't find an equivalent capability of K-meleon. Finally-- an advantage of IE!

    I would like such a capability. If I am negotiating a hostile takeover of AT&T, I would like to be sure that my connection is secure. :D

    Seriously, though -- I wish the Gecko family could do this. I shall mention it on the K-mel forum. Thanks for the info, Alex.
     
    bellgamin, Sep 30, 2004
    #5
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...