I am running an Apache server with open_ssl and a verisign global
certificate. I want to assure my users connect with 128-bit encryption, so I
added the following directive to the server conf:
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >=128
This works fine with Netscape 40-bit and 128-bit. It also works fine with
IE4 and IE5 40-bit or 128-bit. But, when users try to access with IE5 56-bit,
they are presented with a "Server Cannot be Found" error.
My ssl_error log gives me the following message:
SSL requirement expression not fulfilled
Is there a way to let these people in without downgrading security? Or, at
least a way to sniff out this version of IE before they get to the secure
pages?
|
- IE5 56-bit Error Andy Doggrell
- Re: IE5 56-bit Error Andy Doggrell
- Re: IE5 56-bit Error Bill Moran
- Expired Client Certificate Wil Boucher
- Re: Expired Client Certificate Ralf S. Engelschall
- Re: Expired Client Certificate Wil Boucher