On Thu, Mar 29, 2001 at 08:47:29AM -0800, David Rees wrote:
>
> Taking a look at the Thawte site and their FAQ about Super Certs, it seems
> that you can disable only these ciphers and get the broken MSIE clients to
> work:
>
> DES-CBC-SHA, DES-CBC-MD5, EDH-RSA-DES-CBC-SHA, EDH-DSS-DES-CBC-SHA
>
> Can you try this?
>
> SSLCipherSuite
>ALL:!ADH:!DES-CBC-SHA:!DES-CBC-MD5:!EDH-RSA-DES-CBC-SHA:!EDH-DSS-DES-CBC-SHA:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
>
> If anyone else can test this line with various browsers (especially
> 56-bit versions), it would be helpful, too.
Oops, forgot to post the link to the Thawte site where I found the
information:
http://www.thawte.com/support/server/apachessl.html#IE5
I couldn't find any useful information on the Verisign site, which is why
we get our certs from Thawte even though they're the same company. Not to
mention that the certs from Thawte are cheaper.
-Dave
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
