Dave,
>Use this:
>
>SSLProtocol all
>BrowserMatch "MSIE" nokeepalive ssl-unclean-shutdown downgrade-1.0
>force-response-1.0
This did not work. IE 5.0 Mac gave 'data encryption errors'.
>SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
> ^^^^^^
>
>Notice that you should have !EXPORT56 configured, !EXP56 does not work.
I made this change, but it did not make any noticeable difference.
Thanks,
Tim
>
>-Dave
>
>
>> -----Original Message-----
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED]]On Behalf Of Tim Gardner
>> Sent: Monday, July 09, 2001 11:34 AM
>> To: [EMAIL PROTECTED]
>> Subject: Use SSL 3.0 checked but not 2.0
>>
>>
>> I am using red hat linux with:
>> openssl 0.9.5a 1 Apr 2000
>> mod_ssl-2.7.1-3
>> mod_perl-1.24-6
>> apache-1.3.14-3
>>
>> In httpd.conf I have cobbled together (without fully understanding)
>> the following from suggestions on this list and in the faq:
>>
>> SSLProtocol all -SSLv3
>> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
>> downgrade-1.0 force-response-1.0
>> SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
>>
>> Everything seems to be working great EXCEPT that a couple users with
>> IE 5.0 have only checked
>> Tools:Internet Options:Advanced:Security:Use SSL 3.0 checked
>>
>> But unless Use SSL 2.0 is also checked, they can't connect to my site.
>>
>> Is there a way I can modify httpd.conf to allow SSL 3.0 connections
>> too without breaking what is already working for everyone else?
>>
>> Thanks,
>> Tim
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
