Hi,
David Rees wrote:
> Hi,
>
> I found a good workaround to this problem. Instead of changing SSLProtocol
> to "all -SSLv2", you can make your SSLCipherSuite line read:
>
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
>
The other way is to recompile openssl 0.9.5 with
TLS_ALLOW_EXPERIMENTAL_CIPHERSUITS set to 0 instead of 1 in file ssl/tls1.h...
That is the change that was made in 0.9.4->0.9.5 transition that gives us all
this problems with IE 5.01... So we were under experiment :) The world
EXPERIMENTAL clearly suggests that support for this ciphersuits is
incomplete... Can somebody from openssl team comment?
Oleg
>
> Which is the default with the addition of !EXPORT56. I tested on all the
> various browsers we had around here, and it seems to work for all browsers.
>
> Ralf, maybe we can get this in the FAQ or somewhere else easy to find until
> the proper software fix is released? This is quite a showstopper for a
> large number of people.
>
> -Dave
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
