The figure above illustrates the primary difference between export-grade and fortified web browsers. The export-grade browser - on the left - can only communicate securely with a certain very specific set of web servers. The fortified browser - on the right - can communicate securely with any full strength web server anywhere on the Internet (for the purposes of the diagram, the fortified browser is equivalent to any other strong-SSL browser).
Web servers can be categorized according to their respective encryption capabilities.
These servers are widely regarded as inadequate for any purpose that involves the need for security, privacy, authentication or message integrity. Do not trust your data to a class A server. Electronic commerce services that employ these web servers should be avoided at all costs; instead you should complain to the site webmaster!
Some examples of operational class A servers are:
Export-grade Netscape (and Microsoft) browsers do not use strong encryption when communicating with class B servers. A fortified browser can communicate securely with a class B server.
Some examples of operational class B servers are:
Export-grade Netscape (and Microsoft) browsers do not use strong encryption when communicating with class C servers. A fortified browser can communicate securely with a class C server.
Recent changes to the U.S. Government's export regulations made this class of server software more accessible for some non-U.S. organizations - e.g. foreign subsidiaries of U.S. companies, and health and medical organizations. Unfortunately, the relaxation does very little - if anything - to improve overall security levels on the World Wide Web, since the same export-grade limitation remains in place on the Netscape and Microsoft browsers.
Some examples of operational class C servers are:
Recent versions of Netscape's and Microsoft's export-grade browsers are able to perform strongly encrypted communications with class D servers. Such browsers initially connect to the web server using 40-bit encryption. Upon receiving and recognising the web server's Global Server ID certificate, the browser automatically closes the connection, and then re-opens it using 128-bit encryption. Thus the network connection is negotiated twice.
A fortified browser will communicate with a class D server using strong encryption, and it will negotiate the initial connection only once.
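The two negotiation paths described above, as an added Python model (an illustration written for this page, not Netscape's, Microsoft's or Fortify's code). It is a simplified simulation rather than real SSL; the OpenSSL-style suite names, the sample servers and the `global_server_id` flag are assumptions constructed for the example.

```python
# Simplified model of export-grade vs fortified negotiation (not real SSL).
# Suite names and key sizes are illustrative, OpenSSL-style labels.
EXPORT = {"EXP-RC4-MD5": 40, "EXP-RC2-CBC-MD5": 40}
STRONG = {"RC4-MD5": 128}
BITS = {**EXPORT, **STRONG}

def handshake(offer, server_suites):
    """Server picks its most preferred suite that the client also offered."""
    for suite in server_suites:
        if suite in offer:
            return suite
    return None  # no common suite: the handshake fails

def connect(browser, server):
    """Return (suite, key_bits, handshakes) for 'export' or 'fortified'."""
    full_offer = list(STRONG) + list(EXPORT)
    offer = full_offer if browser == "fortified" else list(EXPORT)
    suite = handshake(offer, server["suites"])
    handshakes = 1
    if browser == "export" and suite and server["global_server_id"]:
        # Global Server ID recognised: close the 40-bit connection and
        # re-open it offering strong suites, so negotiation happens twice.
        suite = handshake(full_offer, server["suites"])
        handshakes = 2
    return suite, BITS.get(suite, 0), handshakes

def is_weak(result, minimum_bits=128):
    """Audit check: flag failed or sub-128-bit connections."""
    return result[1] < minimum_bits

# Constructed sample servers (hypothetical, for illustration only).
STRONG_SERVER = {"suites": ["RC4-MD5", "EXP-RC4-MD5"], "global_server_id": False}
CLASS_D_SERVER = {"suites": ["RC4-MD5", "EXP-RC4-MD5"], "global_server_id": True}
EXPORT_ONLY_SERVER = {"suites": ["EXP-RC4-MD5"], "global_server_id": False}

if __name__ == "__main__":
    servers = [("strong", STRONG_SERVER), ("class D", CLASS_D_SERVER),
               ("export-only", EXPORT_ONLY_SERVER)]
    for name, server in servers:
        for browser in ("export", "fortified"):
            result = connect(browser, server)
            print(f"{browser:9} -> {name:11} {result} weak={is_weak(result)}")
```

The export-only row shows that a fortified browser cannot raise the strength of a server that offers nothing beyond 40-bit suites.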
Some examples of operational class D servers are: