We've been testing mod_ssl to verify client certificates. Some users were having difficulty getting into the site with their Netscape browsers. The reason for this appears to be the "SSLRequire" expression which includes (in part) SSLRequire %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ I had actually copied this blindly from the mod_ssl examples (and am now paying the appropriate price for copying blindly :-)) The users who were having access problems have these values: SSL_CIPHER = EXP-RC4-MD5 Whereas, most of the (IE) users had these values SSL_CIPHER = EXP1024-RC4-SHA The SSLRequire regex blocks the first cipher, but allows the second one to go through. Can anyone expound a bit on the logic of this expression? Is it course filter to keep out certificates with "export quality" encryption or none at all? Is "EXP1024" and export quality encryption? Any rules of thumb, general impressions, or references in this area would be appreciated. Thanks! Dave Benjamin [EMAIL PROTECTED] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]