On Wed, Jul 19, 2000 at 12:24:01PM +0100, Edward Thomas wrote:
> Dear All,
>
> I am running a site based around mod_ssl 2.6.5, open ssl 0.9.5a and Apache
> 1.3.12 using a Thawte "Super Certificate" (designed to allow new browsers to
> use 128 bit encryption outside the USA).
>
> The problem is that, while the site works fine with Netscape (versions < 4.7
> using 56 bit encryption, versions >= 4.7 using 128 bit), on IE, it cannot be
> accessed. According to Thawte, this is an incompatiblility between IE and
> Apache, newer versions of IE do not suffer from this and older versions can
> be upgraded, however I do not want to force my customers to download an
> upgrade. What I need to know is is there any work around for this problem,
> perhaps specifying 56 bit encryption only for relevent versions of IE.
Please refer to the modssl FAQ:
http://www.modssl.org/docs/2.6/ssl_faq.html#ToC48
Make sure you have the following lines in your httpd.conf for your SSL
virtual host:
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
-Dave
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
