Good morning, Our company has been noticing quite a few ssl errors in our http logs, we have had SSL3 disabled due to a bug in internet explorer 5.x I'm sure you're all aware of, but lately it seems more and more browsers are disabling SSL2, probably due to some vulnerabilities, and IE6 has TLS1 disabled by default, so the only thing these newer browsers are accepting is SSL3. The only way I can think of to allow all browsers is by running two different https servers, on different ports, same domain, one with SSL3 enabled where the IE6 clients (with SSL2 disabled) will be sent, the other with SSL3 disabled where IE5.x clients will be sent. My first question is, will this work? I see some discussion about problems with multiple https ports on the same server, they would all be on the same certificate/domain. Second question: is there a better way of overcoming this problem? Can I put something in the httpd.conf that says "if IE6, allow SSL3, otherwise don't"? My google searches have yielded nothing. I'd appreciate any input from anybody dealing with this issue.
Regards, Jeffrey Moss [EMAIL PROTECTED] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
