Matthias Wächter

Consider maximum supported key length of browser

Discussion created by Matthias Wächter on Jun 19, 2015
OS X, without special configuration options, imposes a limit of 4096 bits for any SSL key (server, intermediate CAs, root CA). I’m using a key with a length > 4096, but the server test shows successful compatibility with Safari on OS X, which is not true. Note that at least Firefox on OS X can connect to my server even without this configuration applied – it seems it brings with it a separate SSL engine that doesn’t use the OS X default limitations.


It would be great if the server test could reflect this incompatibility of/with Safari and perhaps guide the user to more documentation like the given link about the problem and the fix. And of course, it would be good to put any such constraint into the actual feature list of browsers, perhaps depending on the OS it’s running on.


– Matthias