detecting browser encryption capabilities

[Linus Nikander]

Is there any way to, serverside, determine the encryption capabilities of
the browser requesting a page ?

I need a way to determine if a particular client (browser) is capable of
128-bit encryption. If he isn't then i need to inform him of the fact that
128-bit encryption is a requirement to be able to continue. How should I go
about this ?

//Linus Nikander

 

[Brusque]

Is there any way to, serverside, determine the encryption capabilities of
the browser requesting a page ?

I need a way to determine if a particular client (browser) is capable of
128-bit encryption. If he isn't then i need to inform him of the fact that
128-bit encryption is a requirement to be able to continue. How should I go
about this ?

//Linus Nikander

The Servlet 2.3 spec defines a request attribute
javax.servlet.request.key_size which should be present for all HTTPS
requests

Integer keySize = (Integer)
request.getAttribute("javax.servlet.request.key_size");

I seem to remember a problem with some Mozilla versions that reported a
keysize of 0. Probably not a problem any more but you can also check the
javax.servlet.request.cipher_suite attribute to be safe.