See my previous entry. Basically, you have to:

- Allow all ciphers
- Restrict the root directory on CIPHER key size
- Put in a 403 error document; this should be in a directory outside the root with an alias to that directory, e.g.

    # Full URL for the 403 page, served from a directory outside the root
    ErrorDocument 403 http://url/security/403.html
    Alias /security /../errordir
    <Directory /rootdir>
        # Deny (403) any connection whose cipher key size is below 128 bits
        SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
    </Directory>

Note: If you have any rewrites, these will operate before the key size is checked unless you put the Rewrites at the directory level.

You should use the full URL for the 403 document; otherwise Apache does a redirect to https://url/security/403.html and you could get into an infinite loop on the https.

Regards
Mike Bray

-----Original Message-----
From: Philip Ravenscroft [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 22, 2002 6:33 PM
To: [EMAIL PROTECTED]
Subject: error page on failure to negotiate ssl connection

We are using server-gated cryptography to mandate 128 bit key strength, but to also upgrade export browsers. However, we would like users who do not have adequate ssl support to see an error page we create rather than whatever their browser's error message is. Is there a way to do this with apache+mod_ssl? I imagine it's a bit of a chicken-and-egg problem because in order to redirect the user to an error page, an ssl connection has to be made at the lower cipher strength.

Philip
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
