On Mon, May 07, 2001 at 11:39:59AM -0400, Geoffrey Young wrote:
> Hi all...
>
> sorry for the OT, but has anyone figured out how to tell whether a browser
> supports 56 or 128 bit encryption? Apparently, users of IE with 56 bit,
> when entering a 128 bit page, get the standard Cannot Find Server error page
> with little in the way directions to help the EU know to upgrade.
If you set your site to accept only 128 bit ciphers, this is what will happen
because the browsers that are capable of upgrading from 56 to 128 bit
encryption do this by first connecting at 56 and the renegotiating at 128.
See also http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/README.GlobalID
>
> has anyone battled this and come up with an elegant solution?
>
It would of course help a bit if you told us which server you're trying to
do this on ;-) With Apache+mod_ssl it is quite simple - just configure it
to allow the weak ciphers, and then limit actual access by using SSLRequire
to allow only >= 128 bits encryption.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
