How to test your browser's encryption level

Discussion in 'other security issues & news' started by bellgamin, Sep 30, 2004.

Thread Status:
Not open for further replies.
  1. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    The link below will take you to Fortify -- an SSL-secured website that tests your browser's type of encryption. Fortify's site will tell you the actual type of encryption your browser is using, and provide commentary on the strength of that type of encryption.

    One thing -- my browser (K-meleon) grumbled that the name on Fortify's SSL license is slightly different from the name of their website. Here's the link...
    http://www.fortify.net/sslcheck.html
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Thanks for the link Bellgamin, using Avant browser I get this:

    "You have connected to this web server using the RC4-MD5 encryption cipher with a secret key length of 128 bits".

    Cheers. Pilli :)
     
  3. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    Firefox told me that the security certificate of the site expired sometime in 2001. I dunno anything more; just tellin' ya what happened when I "clicka da link" and then I hit "cancel."
     
  4. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    355
    Location:
    Dallas, TX
    Yep, they need to renew their SSL certificate. It has expired.

    BTW, if you are running IE, you can check out active encryption levels at any time you are connected via SSL by simply right clicking on the webpage in question and selecting properties. Next to "Connection" in the property page will be something like: "SSL 3.0, RC4 with 128 bit encryption (High); RSA with 1024 bit exchange". I'm sure that the alternative browsers offer something similar if not identical.

    Checking on a per page basis is preferable than using something like this site, because I believe the SSL protocol can be negotiated between the client and server... so just because your browser is capable of given algorithm or key length does not necessarily mean that is what ends up being used on a particular site if the other endpoint supports some lesser standard. So, if you are really concerned about such things, you should always check the actual connection properties of the SSL site you are interested in using.
     
  5. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    I couldn't find an equivalent capability of K-meleon. Finally-- an advantage of IE!

    I would like such a capability. If I am negotiating a hostile takeover of AT&T, I would like to be sure that my connection is secure. :D

    Seriously, though -- I wish the Gecko family could do this. I shall mention it on the K-mel forum. Thanks for the info, Alex.
     
Loading...
Thread Status:
Not open for further replies.