Thanks for all the replies.

I finally figured it out by using a similar configuration to the one you listed.

Jeff

At 11:35 AM 8/9/00 -0600, you wrote:
>Jeff:
>
>I have been able to generate a 403 message from the server by doing the
>following:
>
>---- start configuration ----
>
># playing around with SSL stuff (dr)
>
>SSLProtocol all
>#SSLCipherSuite HIGH:MEDIUM
>
><Directory /usr/local/apache/htdocs>
>   SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
></Directory>
>
><Location /servlet>
>   SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
></Location>
>
>ErrorDocument 403 http://www.bitonic.com/error/custom403.html
>
>---- end configuration ----
>
>I have this all within a <VirtualHost> directive and it works fine. Of
>course the only problem with it is that there are many things which
>could generate a 403 (Forbidden) error, so the custom response can't
>specifically say you must have a 128-bit capable browser.
>
>Notice I commented out the SSLCipherSuite method as leaving that in
>does indeed force 128-bit encryption but generates the error message you
>refer to.
>
>-dr
>
>
> > Sorry, but the "Error Document 403 http://www.xxx.com/ssl_error_page.htm"
> > directive does not work.
> >
> > The server does NOT generate a 403 error for a failed SSL connection.  If
> > the server does generate a standard error code, then I might be able to
> > intercept it and send them to another page.
> >
> > Here are the messages that show up in the error log:
> >
> >    mod_ssl: SSL handshake failed (server ssl.xxxxxxx.com)
> >    OpenSSL: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
> >
> > Any other ideas about how I can get this to somehow trigger a redirect to
> > my error page.
> >
> > Thanks,
> >
> > Jeff
> >
> >
> >
> > At 01:31 PM 8/4/00 -0400, you wrote:
> > >I haven't looked too deeply into this, but I assume that by adding the
> > >directives:
> > >
> > >SSLCipherSuite
> > >SSLRequireSSL
> > >ErrorDocument 403
> > >
> > >at the per-Directory level, you ought to be able to do what you want.
> > >The ErrorDocument lets you specify either a text message or a re-direct URL.
> > >
> > > > -----Original Message-----
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
> > > > Sent: Thursday, August 03, 2000 5:38 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: One more time -- How do I set up a redirect or error page for < 128-bit connections
> > > >
> > > >
> > > > I didn't see any replies to this the first time (and I still haven't
> > > > figured it out), so let's try again...
> > > >
> > > > I have my server configured to only accept 128-bit+ SSL/TLS connections.
> > > >
> > > > How can I configure things to display an error page or do a redirect if a
> > > > user attempts to connect at a lower encryption level?  I had this working
> > > > with Apache-SSL by intercepting the "403" error and displaying an error
> > > > page.  However, I recently switched to mod_ssl and this trick
> > > > does not work.
> > > >
> > > > The examples I have seen show how to set up different levels of encryption
> > > > for different directories, but this is not what I need.  I need to display
> > > > an error page for anyone who attempts a low-encryption connection on any page.
> > > >
> > > > Thanks,
> > > >
> > > > Jeff
>
>--
>Douglas B. Robertson, B.Sc.     E-Mail : [EMAIL PROTECTED]
>Bitonic Solutions Inc.          Phone  : 403.209.4025
>Calgary, Alberta                Cell   : 403.616.9463
>
>                http://www.bitonic.com/
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      [EMAIL PROTECTED]
>Automated List Manager                            [EMAIL PROTECTED]
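
Added example, not part of the original thread: the "no shared cipher" handshake failures quoted above end the connection before any HTTP request is read, so no ErrorDocument can fire for them. This Python script counts them per server name from an error log, so the number of clients rejected that way can be measured. The timestamp prefix, the host names and the second error reason are constructed sample data, and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample log. The two message shapes follow the lines quoted in the
# thread; the "[date] [error]" prefix, host names and last two entries are assumptions.
SAMPLE_LOG = """\
[Wed Aug 09 11:02:13 2000] [error] mod_ssl: SSL handshake failed (server ssl.example.com)
[Wed Aug 09 11:02:13 2000] [error] OpenSSL: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
[Wed Aug 09 11:05:40 2000] [error] mod_ssl: SSL handshake failed (server ssl.example.com)
[Wed Aug 09 11:05:40 2000] [error] OpenSSL: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
[Wed Aug 09 11:07:02 2000] [error] mod_ssl: SSL handshake failed (server shop.example.com)
[Wed Aug 09 11:07:02 2000] [error] OpenSSL: error:00000000:lib(0):func(0):constructed other reason
[Wed Aug 09 11:09:55 2000] [error] File does not exist: /usr/local/apache/htdocs/favicon.ico
"""

# "mod_ssl: SSL handshake failed (server NAME" -> NAME
HANDSHAKE = re.compile(r"mod_ssl: SSL handshake failed \(server ([^),]+)")
# "OpenSSL: error:CODE:library:function:reason" -> CODE, reason
OPENSSL = re.compile(r"OpenSSL: error:([0-9A-Fa-f]+):[^:]*:[^:]*:(.+)$")


def handshake_failures(log_text):
    """Yield (server, openssl_code, reason) for each failed handshake.

    A mod_ssl line is paired with the OpenSSL detail line that follows it;
    if no detail line follows, the reason is reported as "unknown".
    """
    server = None
    for line in log_text.splitlines():
        hs = HANDSHAKE.search(line)
        err = OPENSSL.search(line)
        if err and server is not None:
            yield server, err.group(1).upper(), err.group(2).strip()
            server = None
        elif server is not None:
            yield server, None, "unknown"
            server = None
        if hs:
            server = hs.group(1).strip()
    if server is not None:
        yield server, None, "unknown"


def no_shared_cipher_by_server(log_text):
    """Count handshakes that failed because no cipher suite was shared."""
    counts = Counter()
    for server, _code, reason in handshake_failures(log_text):
        if reason == "no shared cipher":
            counts[server] += 1
    return counts


if __name__ == "__main__":
    for server, n in no_shared_cipher_by_server(SAMPLE_LOG).items():
        print(f"{server}: {n} handshake(s) rejected with no shared cipher")
```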
