I've seen a couple of posts on this subject, but a search of the FAQ & the message archives didn't turn up anything (or my search criteria is suspect? ;->)
I want to force the server into using only the RSA-RC4 128 bit cipher, but I want to redirect clients using other ciphers to a 'more-informative' page regarding why I won't let them in.
I've seen that you can use the SSLRequire directive to attempt this, but it required that your server support all ciphers, then use the SSLRequire to check cipher size & ciphter type, finally use the ErrorDocument directive to send the 403 error somewhere else. Unfortunately, this doesn't work if your SSL doesn't support all ciphers (i.e. compiling out various OpenSSL ciphers). Additionally, general 403 errors will be taken to the same page & thus, the information is just as ambiguous as the standard error message from the browser?
It would seem to me that there ought to be an easy way to detect an SSL handshake error & redirect them back to an HTTP site.....
Any ideas?
- Bob
------------------------------------------------------
Bob Burns Zaxus
[EMAIL PROTECTED] 1-888-744-4976, X6510
(local) 1-954-846-6510
------------------------------------------------------
