On Mon, Jul 03, 2000, David Rees wrote:
> I found a good workaround to this problem. Instead of changing SSLProtocol
> to "all -SSLv2", you can make your SSLCipherSuite line read:
You mean "all -SSLv3", right? AFAIK SSLv3 is the problem, because if SSLv2 is
the problem for IE, we don't have a problem. An "SSLProtocol all -SSLv2"
would be even reasonable to use and I would not call it a workaround ;)
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
>
> Which is the default with the addition of !EXPORT56. I tested on all the
> various browsers we had around here, and it seems to work for all browsers.
>
> Ralf, maybe we can get this in the FAQ or somewhere else easy to find until
> the proper software fix is released? This is quite a showstopper for a
> large number of people.
I've both added it to the FAQ now _and_ set this per default in the
pre-configured httpd.conf-dist. This way we are maximum conservative and
can perhaps avoid problems in the future.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
