> Need help with an issue. I need to be able to detect the users > encryption level set in there browser. If the users browser > does not support 128 bit encryption, I'm gonna bump them to > a page telling them to upgrade their browser. > > I know there is a cgi environment variable (https_keysize), > but that only functions on a secure page (https). If the users > browser is 40 bit, they can't get to the https page for me to > able to use this variable.
To the best of my knowledge, you can't do this using standard CGI variables. You can have an HTTP page that you use as a gateway to HTTPS, which explains what will happen if they don't support 128-bit encryption, but that's it. However, you could allow the page to use 40-bit encryption, which would get around the problem. I believe (though I'm not entirely sure) that, in IIS at least, you can simply enable encryption, and if both browser and server support 128-bit keys, they'll be used. If not, they'll use 40-bit keys. Of course, if you check the "Require 128-bit keys" option in IIS, that won't work. > Any ideas? I was also thinking of maybe doing a browser detect... > but I'm not certain if users could have upgraded their security > levels and not their browsers. I don't think that'll help, since at least with IE, security is dependent on an OS component rather than on the specific browser version. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ______________________________________________________________________ Get Your Own Dedicated Windows 2000 Server PIII 800 / 256 MB RAM / 40 GB HD / 20 GB MO/XFER Instant Activation · $99/Month · Free Setup http://www.pennyhost.com/redirect.cfm?adcode=coldfusionb FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
