Server-Gated Cryptography (SGC), also known as International Step-Up by Netscape, is a defunct mechanism that was used to step up from 40-bit or 56-bit to 128-bit cipher suites with SSL. It was created in response to United States federal legislation on the export of strong cryptography in the 1990s. The legislation had limited encryption to weak algorithms and shorter key lengths in software exported outside of the United States of America. When the legislation added an exception for financial transactions, SGC was created as an extension to SSL with the certificates being restricted to financial organisations. In 1999, this list was expanded to include online merchants, healthcare organizations, and insurance companies. This legislation changed in January 2000, resulting in vendors no longer shipping export-grade browsers and SGC certificates becoming available without restriction.

Internet Explorer supported SGC starting with patched versions of Internet Explorer 3. SGC became obsolete when Internet Explorer 5.01 SP1 and Internet Explorer 5.5 started supporting strong encryption without the need for a separate high encryption pack (except on Windows 2000, which needs its own high encryption pack that was included in Service Pack 2 and later). "Export-grade" browsers are unusable on the modern Web due to many servers disabling export cipher suites. Additionally, these browsers are incapable of using SHA-2 family signature hash algorithms like SHA-256. Certification authorities are trying to phase out the new issuance of certificates with the older SHA-1 signature hash algorithm.

The continuing use of SGC facilitates the use of obsolete, insecure Web browsers with HTTPS. However, while certificates that use the SHA-1 signature hash algorithm remain available, some certificate authorities continue to issue SGC certificates (often charging a premium for them) although they are obsolete. The reason certificate authorities can charge a premium for SGC certificates is that browsers only allowed a limited number of roots to support SGC.

When an SSL handshake takes place, the software (e.g. a web browser) would list the ciphers that it supports. Although the weaker exported browsers would only include weaker ciphers in their initial SSL handshake, the browsers also contained stronger cryptography algorithms. There are two protocols involved to activate them. Netscape Communicator 4 used International Step-Up, which used the now obsolete insecure renegotiation to change to a stronger cipher suite. Microsoft used SGC, which sends a new Client Hello message listing the stronger cipher suites on the same connection after the certificate is determined to be SGC capable, and also supported Netscape Step-Up for compatibility (though this support in the NT 4.0 SP6 and IE 5.01 version had a bug where changing MAC algorithms during Step-Up did not work properly).

See also

FREAK

External links

Microsoft's page on Server Gated Cryptography
Old mod_ssl documentation on SGC, Step-Up and Global-ID