> >Curious, according to the docs, it shouldn't allow those browsers to
> >connect. Are you using one of the step-up certificates from Verisign?
>
> So I'm told by the guy who acquired our certificates from Verisign. How do
> I tell?
I'm not sure, does anyone else know?
> >Do you also have the following lines installed?
> >
> >SSLCipherSuite
> >ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> >
> >SetEnvIf User-Agent ".*MSIE.*" \
> > nokeepalive ssl-unclean-shutdown \
> > downgrade-1.0 force-response-1.0
> >
> >If you do, could you try it without "SSLRequire %{SSL_CIPHER} >=
> 128", I'm
> >not convinced that the SSLRequire makes a difference.
>
> I do have those lines installed, and it was giving me all the decryption
> errors, which only went away once I added the SSLRequire.
OK, Looks like another item for the FAQ. Ralf, can you add something for
Decryption errors when using Verisign Step Up certs? It looks like when
using Verisign step-up certs, they require the line: "SSLRequire
%{SSL_CIPHER} >=
> 128" to work properly on all browsers.
-Dave
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
