In response to:

> I'm having problems with Internet Explorer version 5.00.2614.3500 40bit.
> I am able to connect just fine Netscape, both 128-bit and 56-bit versions.
> However, connecting with the afforementioned IE produces an error (and
> this is supposedly the version shipped on the Wind98 CD):



Kristofer T. Karas writes:


The problem is that each implementation of SSL (OpenSSL, Netscape,
Microsoft, ...) comes with a different assortment of supported ciphers
for each version of the SSL protocol (2 and 3).  As it so happens,
40-bit IE only supports ciphers that use a 1024 bit key.  Remember that
the "key length" number represents the encoded length of the prime
numbers used in the public key exchange, which bears little relation to
the key length of the cipher that actually encrypts the data itself.

You can emulate this bug in Netscape by turning of SSL3 and then only
enabling the bottom two ciphers of SSL2; it too will exhibit the same
problems as 40 bit IE.   (Umm, maybe I have that backwards; it's been
awhile since I investigated.)

The bug: when OpenSSL calls back to STunnel asking for a key, stunnel
ignores the requested key length, only returning a 512 bit one.

The solution: this is patched against vanilla 3.8, but it patches
successfully against 3.8p4 too.
Have fun...
Kris