We ran into an interesting problem.

Using IE 5.0 on a Mac, connecting to Apache 1.3.14/mod_ssl 2.7.1 via HTTPS
which has a certificate signed by an unknown CA (haven't quite figured out
how to import the CA cert in IE yet), IE seems to allow you to proceed
using the connection (a dialog box allows you to continue), but over an
UNENCRYPTED channel. It is still communicating via HTTPS, but IE does not
identify a cipher being used and the dialog implies that it is not using
any.

I want to disable this. I'm already using the recommended SSLCipherSuite
line of:

ALL:!EXP1024-RC4-SHA:!EXP1024-DES-CBC-SHA:ALL:!ADH:!EXPORT56:\
RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

I've tried adding !eNULL at the end and before the !EXPORT56, but it
doesn't seem to matter.

Is there a way to prevent unencrypted communications?

-- 
======================================================================
Brian O'Neill   @ home                                 [EMAIL PROTECTED]
At work I'm:                                       [EMAIL PROTECTED]


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
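
Added example, not part of the original post or of mod_ssl: one way to see what an SSLCipherSuite string enables is to expand it with `openssl ciphers -v` and filter the listing for suites that have no encryption, no authentication, or are export grade. The function names and the sample listing below are constructed for illustration.

```shell
#!/bin/sh
# Reads `openssl ciphers -v` output on stdin and prints every suite that
# has no encryption (Enc=None), no server authentication (Au=None), or is
# marked export grade. Exit status is 1 if any such suite was listed.
flag_weak_suites() {
    awk '
    {
        name = $1; reason = ""
        # Fields after the protocol column are Kx=, Au=, Enc=, Mac=, [export]
        for (i = 3; i <= NF; i++) {
            if ($i == "Enc=None") reason = reason " no-encryption"
            if ($i == "Au=None")  reason = reason " anonymous"
            if ($i == "export")   reason = reason " export-grade"
        }
        if (reason != "") { printf "%s:%s\n", name, reason; bad++ }
    }
    END { exit (bad > 0) }'
}

# Constructed sample in the column layout of `openssl ciphers -v`.
# It is NOT the expansion of any particular cipher string.
sample_cipher_listing() {
    cat <<'EOF'
RC4-SHA        SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
DES-CBC3-SHA   SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
NULL-SHA       SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
ADH-RC4-MD5    SSLv3 Kx=DH       Au=None Enc=RC4(128)  Mac=MD5
EXP-RC4-MD5    SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5 export
EOF
}

# Demo on the constructed sample. Against a real server configuration:
#   openssl ciphers -v 'the SSLCipherSuite value from httpd.conf' | flag_weak_suites
sample_cipher_listing | flag_weak_suites \
    || echo "listing contains suites that should be disabled" >&2
```

Run it with the same OpenSSL build the server is linked against, since the expansion of aliases such as ALL depends on the library version.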
