> May not be the answer you're looking for, but have you read/tried the
> advice in this section of the manual?
> 
> http://www.modssl.org/docs/2.8/ssl_faq.html#io-ie

Yes, we have had it configured this way for a couple of years or so. The problem now is
that people are starting to disable SSL2. If you're wondering how many of these
you're getting, look for this in your logs:

[Thu Feb 13 12:04:23 2003] [error] mod_ssl: SSL handshake failed (server *****.*******.com:443, client 66.20.223.3) (OpenSSL library error follows)
[Thu Feb 13 12:04:23 2003] [error] OpenSSL: error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number

I am pretty sure this is Internet Explorer saying "I want to use SSL3 and only SSL3"
and my server has SSL3 disabled. I spoke with a customer who had the IE error page,
and sure enough he had SSL2 and TLS1 disabled; only SSL3 was enabled. So what is
there to do about this, other than running two separate Apaches?

> > Good morning,
> >
> > Our company has been noticing quite a few SSL errors in our HTTP logs.
> > We have had SSL3 disabled due to a bug in Internet Explorer 5.x I'm sure
> > you're all aware of, but lately it seems more and more browsers are
> > disabling SSL2, probably due to some vulnerabilities, and IE6 has TLS1
> > disabled by default, so the only thing these newer browsers are
> > accepting is SSL3. The only way I can think of to allow all browsers is
> > by running two different https servers, on different ports, same domain,
> > one with SSL3 enabled where the IE6 clients (with SSL2 disabled) will be
> > sent, the other with SSL3 disabled where IE5.x clients will be sent. My
> > first question is, will this work? I see some discussion about problems
> > with multiple https ports on the same server, they would all be on the
> > same certificate/domain. Second question: is there a better way of
> > overcoming this problem? Can I put something in the httpd.conf that says
> > "if IE6, allow SSL3, otherwise don't"? My Google searches have yielded
> > nothing. I'd appreciate any input from anybody dealing with this issue.
> >
> > Regards,
> >
> > Jeffrey Moss
> > [EMAIL PROTECTED]
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      [EMAIL PROTECTED]
> > Automated List Manager                            [EMAIL PROTECTED]
> 
> 
> ===========
> Alan Sparks, UNIX/Linux Systems Administrator    <[EMAIL PROTECTED]>
> 
> 
> 
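The log check suggested in the reply above can be scripted. The following is an added example, not code from the thread or from mod_ssl: it pairs each "SSL handshake failed" line with the OpenSSL line that follows it and counts, per client, the failures carrying error code 1408A10B. The sample log, its hostname and its client addresses are constructed, and the one-entry-per-line layout is an assumption based on the excerpt in the message.

```python
import re
from collections import Counter

# Line 1 of each pair: mod_ssl reports the failed handshake and the client address.
HANDSHAKE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] mod_ssl: SSL handshake failed "
    r"\(server (?P<server>[^,]+), client (?P<client>[^)]+)\)")
# Line 2: the first OpenSSL error-queue entry, carrying the hex error code.
OPENSSL = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] OpenSSL: error:(?P<code>[0-9A-Fa-f]{8}):")
WRONG_VERSION = "1408A10B"  # code shown in the log excerpt quoted in the message

def count_version_mismatches(lines):
    """Map client address -> number of handshakes rejected with WRONG_VERSION."""
    counts = Counter()
    pending = None  # (timestamp, client) of a failure waiting for its OpenSSL line
    for line in lines:
        m = HANDSHAKE.match(line)
        if m:
            pending = (m["ts"], m["client"])
            continue
        m = OPENSSL.match(line)
        # Count only when the OpenSSL line directly follows and shares the timestamp.
        if (m and pending and m["ts"] == pending[0]
                and m["code"].upper() == WRONG_VERSION):
            counts[pending[1]] += 1
        pending = None  # any other line breaks the pairing
    return counts

# Constructed sample log: hostname and addresses are placeholders, not from the thread.
SAMPLE_LOG = """\
[Thu Feb 13 12:04:23 2003] [error] mod_ssl: SSL handshake failed (server www.example.com:443, client 192.0.2.10) (OpenSSL library error follows)
[Thu Feb 13 12:04:23 2003] [error] OpenSSL: error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number
[Thu Feb 13 12:05:01 2003] [error] mod_ssl: SSL handshake failed (server www.example.com:443, client 192.0.2.44) (OpenSSL library error follows)
[Thu Feb 13 12:05:01 2003] [error] OpenSSL: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
[Thu Feb 13 12:06:10 2003] [error] [client 192.0.2.10] File does not exist: /var/www/favicon.ico
[Thu Feb 13 12:07:42 2003] [error] mod_ssl: SSL handshake failed (server www.example.com:443, client 192.0.2.10) (OpenSSL library error follows)
[Thu Feb 13 12:07:42 2003] [error] OpenSSL: error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number
[Thu Feb 13 12:08:00 2003] [error] mod_ssl: SSL handshake failed (server www.example.com:443, client 192.0.2.77) (OpenSSL library error follows)
[Thu Feb 13 12:08:00 2003] [error] OpenSSL: error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number
""".splitlines()

if __name__ == "__main__":
    for client, n in count_version_mismatches(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {client}")
```

Handshake failures with any other OpenSSL code, such as the constructed "no shared cipher" entry, are left out of the count, so the result isolates the protocol-version mismatch described in the message.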
