The Risks of Short RSA Keys
Despite this confidence, the flexibility of SSL potentially leaves companies and their customers at risk. The SSL protocol does not mandate minimum key lengths to be used during the critical initial key exchange that begins each secure session. All too many servers still use insufficiently secure long-term keys.
While nearly all modern web browsers use sufficient security for the bulk of the data communication in each session, SSL allows for a variety of key lengths to be used in the key exchange process and it is this which creates risk.
The link for this article located at nCipher is no longer available.