Right, Problem solved. I took the suggestion, and read the FAQ. Adding:
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL To my VirtualHosts appears to fix the problem (now I can delete about 10Gig's worth of VMWare VM's) As it happens, yes, we do have Secure Site Pro from Verisign, although as every day passes, I wish we had stuck with Thawte. For some reason we never had problems like this until now (which is why I never really bothered investigating mod_ssl too much). Of-course Verisign couldn't care less. I really should publish a book containing a full account of my dealings with verisign. It would be a comedy hit. Anyway, in conclusion, thanks everyone who replied - I got this sorted out faster than I thought I would thanks to you guys. Regards, L On Fri, 21 Jun 2002 20:33:05 +0100 "Peter Viertel" <[EMAIL PROTECTED]> wrote: > The problem here as usual is that he HAS got a SGC certificate - and > some ie's barf unless you drop EXPORT56 from your offering when you have > one of those certs. > > not worth the money as far as I'm concerned, not even when getting > thawte's one. I feel its a scam the way they sell SGC's as some sort of > premium security prouct when all they're doing is enabling functionality > the browser already has. These were designed for another purpose > altogether before the USA relaxed its crypto export rules a few years ago. > > Thomas Binder wrote: > > >Hi! > > > >On Fri, Jun 21, 2002 at 08:39:04AM -0700, David Wall wrote: > > > > > >>You could also consider getting a Thawte "super cert" which has > >>a capability to allow the 56-bit export version of IE to not be > >>so stupid and connect at the higher 128-bit when accessing your > >>site. > >> > >> > > > >Just for the record, Thawte's "Super Certs" are what VeriSign > >calls "Secure Site Server Pro (Global) ID". But they are quite a > >lot cheaper. > > > > > >Ciao > > > >Thomas > >______________________________________________________________________ > >Apache Interface to OpenSSL (mod_ssl) www.modssl.org > >User Support Mailing List [EMAIL PROTECTED] > >Automated List Manager [EMAIL PROTECTED] > > > > > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] -- Louis Sabet <[EMAIL PROTECTED]> http://www.webtedium.com/ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
