Hi!
On Fri, Jan 18, 2002 at 05:49:46PM +0100, [EMAIL PROTECTED] wrote:
> > SSLRequireSSL
> > SSLRequire ( %{SSL_CIPHER_USEKEYSIZE} >= 128 )
>
> with this option, the user gets no https connection if he has <
> 128 bit. but the user should get a error page. so it must be
> possible to establish a connection with <128 bit but redirected
> to the error page.
Try the following (inside <directory>...</directory):
SSLOptions +StdEnvVars
RewriteBase absolute-filesystem-path-to-directory
RewriteCond %{ENV:SSL_CIPHER_EXPORT} "^true$"
RewriteRule ".*" /noexport.html
Now, when someone accesses your directory with an export browser,
(s)he will be redirected to the page /noexport.html, which may
then explain what's wrong.
Directly checking the key size is a bit tricky, as RewriteCond
only offers lexical comparison, but you'd need numerical for that
purpose, as for example 56 is lexically greater than 128, thus
>127 won't work as expected. Maybe someone else knows an elegant
solution.
Ciao
Thomas
--
I should have been a country-western singer. After all, I'm older than
most western countries.
-- George Burns
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
