There is a patch at
http://www.microsoft.com/windows/ie/security/schannel.asp

Which says "The version of Internet Explorer 5.01 that is released on the
Web contains an incorrect internal key in the Schannel.dll file. This may
cause programs and services on your computer that use Secure Socket Layer
(SSL) or Security Support Provider Interface (SSPI) to no longer function.
Installing this update will eliminate this problem by providing you with a
corrected Schannel.dll file. If you have installed high (128-bit) encryption
on your computer, you do not need to install this update".

I've also noticed this problem with IE4.01, which I fixed for one user by
upgrading to 128-bit encryption.

There is a fix available for "SGC cryptography" (q249863i.exe). This answers
a question posted by James Lyon ([EMAIL PROTECTED]) entitled "IE4 okay
with latest mod_ssl" which is very much related. Details are at
http://support.microsoft.com/support/kb/articles/Q249/8/63.ASP?LN=EN-US&SD=gn&FR=0

Bottom line - neither is a problem with Apache-mod_ssl but a problem with
Microsoft's implementation of SSL!

John

-----Original Message-----
From: Taglang, Guillaume [mailto:[EMAIL PROTECTED]]
Sent: 25 May 2000 15:53
To: '[EMAIL PROTECTED]'
Subject: IE with 56 bits encryption



  Hi all,

  We received a SuperCert from Thawte for 3 days, we installed it on the
server, modified the server config file, and great, all works fine! 128 bits
encryption for IE and Netscape. But when we try to access the site with
an older browser (IE 5.0 with 56 bits encryption), an error occurred. We made
some tests and these are the results (when we access the site with the IP
address, it says that the certificate does not match the name of the site):

                                      | https://     | https://
                                      | 1.12.123.1/  | www.foo.com/
----------------------------------------------------------------------
IE (128 bits encryption)              | work         | work
----------------------------------------------------------------------
IE (56 and 40 bits encryption)        | work         | don't work
----------------------------------------------------------------------
Netscape (128 encryption)             | work         | work
----------------------------------------------------------------------
Netscape (56 and 40 bits encryption)  | work         | work

  This is an extract of my config file :

[...]

<IfDefine SSL>
  Listen 1.12.123.1:443
  NameVirtualHost 1.12.123.1:443
</IfDefine>

[...]

<IfDefine SSL>
  <VirtualHost 1.12.123.1:443>
    ServerName www.foo.com
    ServerAdmin [EMAIL PROTECTED]

    DocumentRoot    "/path/to/htdocs"
    ErrorLog        /path/to/error_log
    TransferLog     /path/to/access_log

    <Directory />
      Options Indexes FollowSymLinks
      AllowOverride None
    </Directory>

    SSLEngine on
    SSLCertificateFile      /path/to/server.crt
    SSLCertificateKeyFile   /path/to/server.key

    SSLLogLevel info
    SSLLog /path/to/ssl_engine_log

  </VirtualHost>
</IfDefine>

  If you have any idea, suggestion, solution, let me know.

  Thanx

  Guillaume

---
[EMAIL PROTECTED]
[EMAIL PROTECTED]
      ___[_]___      
        (. .)        
...oOOo..(_)..oOOo... 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
______________________________________________________________________