The step-up is basically a client side feature, it really only requires a server that supports strong ciphersuites. What happens is that export strength clients first initiate the connection advertising only export ciphersuites and completing the handshake. When it has been verified that a step-up is allowed the connection is renegotiated now also allowing strong ciphersuites. Successive connections are established using strong ciphersuites right away. Note that this is what I gathered from the documentation that is available. As we cannot get such a certificate I could never actually try it out live. Regards, Andreas Sterbenz mailto:Andreas.Sterbenz@iaik.tu-graz.ac.at -----Ursprüngliche Nachricht----- Von: Zahid Ahmed <email@example.com> An: Andreas Sterbenz <Andreas.Sterbenz@iaik.tu-graz.ac.at>; <firstname.lastname@example.org> Gesendet: Dienstag, 14. September 1999 21:14 Betreff: RE: [iaik-jce] International Step-Up Encryption Certificate How would IAIK iSASiLk "step-up" to use the stronger encryption key? What do we need to do to make the SSL Server step up when using a Verisign Global Server ID?