Hi Geoff,

Thanks for the info, should help future users.

-Dave

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Geoff Fowler
> Sent: Tuesday, February 13, 2001 9:47 AM
> To: '[EMAIL PROTECTED]'
> Subject: RE: RE: SSL-induced loading errors
>
>
> Hi Dave, et al:
>
> I just joined the mod_ssl mailing list and found the directives for
> SSLRequire and SSLCipherSuite very helpful.
>
> We are running Apache 1.3.14 with mod_ssl 2.7.1, openssl 0.9.6 and mm 1.1.3
> on Solaris 7 (yikes!). We are also using a Verisign Global ("Step-up") ID.
> While most browsers were "bumping up" to 128-bit encryption, regardless of
> their origin (i.e. domestic vs. export, etc.), Mac versions of IE, as well
> as IE5.x running on Windows 2000 WITHOUT Service Pack 1 were failing to
> negotiate the correct algorithm, killing the connection. This is, in fact, a
> known issue and excused by Microsoft in the following KB article:
> http://support.microsoft.com/support/kb/articles/Q249/8/63.ASP
>
> After we added the two directives discussed at the beginning of this post,
> however, all of our client browsers (including the broken IE5.x variants)
> negotiated the handshake correctly and were bumped up to 128-bit
> encryption.
>
> It seems that even non-128-bit browsers also work correctly - although I
> have only tested this with a Verisign Global ID.
>
> Cheers,
> Geoff
>
> > [EMAIL PROTECTED] writes:
> > >Can you post the config for your SSL virtual host without comments?
> >
> > Actually, I just tried adding:
> >
> > SSLRequire %{SSL_CIPHER} >= 128
> >
> > And it appears to work on just about every new and old browser/platform!
> > Hope this helps some future newbie...
>
> >>Even on non-128 bit browsers?
>
> >>-Dave

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
