I'm a newbie at setting up a Web server so please excuse any ignorance contained in this message. I recently set up a Web server at work running Red Hat 6.2 Pro and installed the Red hat Apache/SSL CD. Just about everything seems to be working OK. I purchased the lower-price cert from Verisign figuring I could test the KEY_SIZE variable in a CGI script and restrict access to certain pages to only those that have a domestic browser (giving a 128-bit encryption level if I understand all that correctly). My problem is I'm only seeing the HTTPS environment variable (which does get set to "on"). I don't see the KEY_SIZE or any of the other SSL-related variables. I contacted Red Hat support but they said they have no idea. I have searched the Web and Deja trying to find an answer also. I tried the Apache-SSL mail-list but they directed me here. I read the FAQ about using: SSLOptions +StdEvnVars but I get a "Document contains no data" error from Netscape 4.x. The httpsd.conf file contains the line: #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire I tried uncommenting this and restarting but either the server wouldn't respond to https page requests or I would get the above "Document contains no data" error. I also tried just using: SSLOptions +CompatEnvVars with the same results. A CGI script that prints out the environment shows the following: Apache/1.3.12 (Unix) Red-Hat-Secure/3.2 mod_ssl/2.6.2 BSAFE-SSL-C/1.0.0i You can see the environment listing by going to http://www.mcdaonline.org and clicking on the paddle-lock graphic near the top of the page. (The site is still under construction.) Any help would be deeply appreciated. My employer handles peoples' medical info so I want to achieve the highest level of encryption possible. -- Keith Parkansky Milwaukee County Dept. on Aging ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
