User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01
Build Identifier: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01

In Mozilla, Netscape, Konqueror and likely in other similar browsers, it is IMPOSSIBLE to see the RSA keysize at all. You can see the RC4/DES/3DES keysize (symmetric cipher) from the page security info, but there is absolutely no way to check the RSA keysize.

Let me make this clear. This is a very serious security issue. It is vital to see the RSA keysize; there is no point in checking the symmetric cipher size, since it does NOT tell you anything about the encryption level. In SSL/TLS the symmetric cipher's key is encrypted using RSA, and if the RSA keysize is small (let's say 512bit), there is no point in using 128bit RC4 or 168bit 3DES, because 512bit RSA only gives about "50bit security".

So the problem is that when you go to an SSL/TLS protected site, you can't know whether the encryption gives good protection (128bit RC4 or 168bit 3DES with 2048bit RSA) or very poor protection (128bit RC4 or 168bit 3DES with 512bit RSA). (Of course you can see that protection is poor if the site supports 40bit RC4/DES with xxxxbit RSA, but the point is that you cannot know if the security is poor due to the small keysize of RSA.)

This is, as I must point out again, a very serious security issue and should be quickly fixed!

Reproducible: Always

Steps to Reproduce:
1. Go to any https website
2. Try to find out the RSA keysize (you can't).

Actual Results: Symmetric cipher size (40, 56, 128 or 168bit) could be viewed, but no RSA keysize.

Expected Results: When checking the page encryption level, Mozilla should warn about an insecure RSA keysize (512bit), and when page security information is viewed, the RSA keysize should be visible.
*** This bug has been marked as a duplicate of 78837 ***