Does anyone have a table of the default levels of encryption which the various browsers out there support? For instance, I know that IE5 and lower struggle even to cope with 40-bit encryption, but the latest browsers easily do 256 and beyond.
The reason I ask is that I'm looking to get a wildcard certificate for my domain, and the price difference is huge between a server gated certificate (where it enforces a minimum of 128-bit) and a non-gated certificate (where the browser sets the encryption level).
Obviously I like the idea of paying £300 less for the non-gated certificate, but only if I can be sure that the majority of my users (FF3 / Opera / Chrome / IE7+) are going to get good encryption.
According to the Wikipedia article on Server_gated_cryptography, you don't need the Server Gated Cryptography certificate.
The 128-bit certificates do allow for 40-bit encryption. If you're using Apache, then you'll need to use the SSLCipherSuite configuration directive to set the acceptable ciphers to only be the stronger ones.
See this for more info on Apache SSL: http://httpd.apache.org/docs/2.0/ssl/ssl_howto.html
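Added example (not part of the original answers): Apache's SSLCipherSuite takes an OpenSSL cipher string, so a candidate value can be expanded before deployment to confirm that nothing below 128 bits is enabled. The candidate strings and helper names are constructed for illustration, and the result reflects the OpenSSL build linked into the local Python, which may differ from the one the web server uses.

```python
import ssl

MIN_BITS = 128  # the floor the question wants every visitor to get


def expand(cipher_string):
    """Suites the local OpenSSL build enables for an OpenSSL cipher string.

    TLS 1.3 suites, where the build has them, are not controlled by this
    string and always appear in the returned list.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []  # the string selects nothing in this build
    return ctx.get_ciphers()


def weak_suites(cipher_string, min_bits=MIN_BITS):
    """Names of enabled suites whose effective key strength is below min_bits."""
    return sorted(c["name"] for c in expand(cipher_string)
                  if c["strength_bits"] < min_bits)


def report(cipher_string, min_bits=MIN_BITS):
    """Summary for one candidate: suite count, weakest strength, offenders."""
    suites = expand(cipher_string)
    floor = min((c["strength_bits"] for c in suites), default=None)
    return {"enabled": len(suites),
            "weakest_bits": floor,
            "below_floor": weak_suites(cipher_string, min_bits)}


# Constructed candidate values for SSLCipherSuite (assumptions, not from the page)
CANDIDATES = [
    "ALL:!aNULL:!eNULL",
    "HIGH:MEDIUM:!aNULL",
    "HIGH:!aNULL:!eNULL:!3DES",
]

if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    for candidate in CANDIDATES:
        print(candidate, report(candidate))
```

A candidate is acceptable for the 128-bit requirement when `below_floor` comes back empty on the same OpenSSL version the server runs.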
You can get an idea of what version of TLS/SSL is supported on which browser: http://en.wikipedia.org/wiki/Transport_Layer_Security#Browser_implementations
Verisign shows us when SGC will be required: http://www.verisign.com/ssl/ssl-information-center/strongest-ssl-encryption/
This link shows what a bank considers "supported": http://eslfcu.info/infodesk/browserCompatability.html
Not sure what Chrome supports, but I believe it's SSL2.0.