David Rees wrote:
>
> On Thu, Sep 07, 2000 at 02:48:36PM -0700, Dan Roscigno wrote:
> >
> > The way to debug the problem is to watch the ssl_engine log. When an IE
> > browser connects you might see that it is negotiating an
> > EXP1024-DES-CBC-SHA which does not work. Next it will negotiate
> > EXP1024-RC4-SHA which also will not work. Basically just find out what
> > does not work with IE and put a '!' in front of it. Next test with
> > other browsers to make sure that the IE fix does not break other
> > browsers.
>
> Interesting... Do you know which versions of IE fail on those EXP1024
> ciphers?
>
I did some troubleshooting for Verisign on this (would you believe that
they refused to debug the problem and told me to contact Microsoft!).
At least this browser fails:
The build number for the 56 bit encryption version of IE is
5.00.2920.0000 (note that the 128 bit version of the same build works
fine).
After I disabled the two ciphers I tested with all versions of IE and
Netscape that I could get a hold of and none were broken. Supposedly
now Verisign will give out this information if people contact their tech
support for help with mod_ssl and the step-up certs.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
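
The procedure described in the thread (read the negotiated ciphers out of the ssl_engine log, then put a '!' in front of the ones that fail), as an added example that is not part of the original messages or of mod_ssl. The log line layout, the sample base cipher string and the function names are assumptions; the log lines are constructed.

```python
import re

# Assumed line layout, modelled on mod_ssl's ssl_engine log; adjust to your log.
CONN_RE = re.compile(
    r"Client IP: (?P<ip>[^,\s]+), Protocol: (?P<proto>[^,\s]+), "
    r"Cipher: (?P<cipher>[A-Za-z0-9-]+)")

# Constructed sample lines (documentation IP addresses), not real log output.
SAMPLE_LOG = """\
[07/Sep/2000 14:40:01 00412] [info]  Connection: Client IP: 192.0.2.10, Protocol: TLSv1, Cipher: EXP1024-DES-CBC-SHA (56/56 bits)
[07/Sep/2000 14:40:03 00413] [info]  Connection: Client IP: 192.0.2.10, Protocol: TLSv1, Cipher: EXP1024-RC4-SHA (56/128 bits)
[07/Sep/2000 14:41:17 00415] [info]  Connection: Client IP: 192.0.2.22, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[07/Sep/2000 14:41:20 00415] [info]  Initializing per-connection state
"""

def ciphers_by_client(log_text):
    """Map each client IP to the ciphers it negotiated, in first-seen order."""
    seen = {}
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if not m:
            continue  # not a connection line
        ciphers = seen.setdefault(m.group("ip"), [])
        if m.group("cipher") not in ciphers:
            ciphers.append(m.group("cipher"))
    return seen

def exclude_ciphers(suite, failing):
    """Return an OpenSSL cipher string with each failing cipher marked '!'.

    '!' removes a cipher permanently, so plain, '+' or '-' mentions of the
    same name are dropped to keep the resulting string tidy.
    """
    failing = list(dict.fromkeys(failing))  # de-duplicate, keep order
    kept = [p for p in suite.split(":")
            if p and p.lstrip("!+-") not in failing]
    return ":".join(kept + ["!" + c for c in failing])

if __name__ == "__main__":
    for ip, ciphers in ciphers_by_client(SAMPLE_LOG).items():
        print(ip, "negotiated", ", ".join(ciphers))
    # The two ciphers the thread reports as failing with the 56 bit IE build.
    failing = ["EXP1024-DES-CBC-SHA", "EXP1024-RC4-SHA"]
    base = "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"  # sample base value
    print("SSLCipherSuite", exclude_ciphers(base, failing))
```

As the thread says, retest with the other browsers after changing the directive, since the log only shows what was negotiated and not whether the client could use it.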