On Fri, Oct 27, 2000 at 02:30:46PM -0400, Burns, Robert wrote:
> I want to force the server into using only the RSA-RC4 128 bit cipher, but I
> want to redirect clients using other ciphers to a 'more-informative' page
> regarding why I won't let them in.
> It would seem to me that there ought to be an easy way to detect an SSL
> handshake error & redirect them back to an HTTP site.....

That should be difficult to realize. If the handshake fails, the client
will not continue the connection and will rather show a connection failure
to the user instead of an informative error page.

The TLS/SSL way of handling that condition is that a "no shared cipher" error
will be flagged and the handshake will be terminated unsuccessfully.

I did not check the source of mod_ssl down to the bits, but I would think
that your problem won't easily be solved.

I for myself would compile in all ciphers and then would use PHP to check
the SSL* environment variables and have an error page "painted" if no
satisfying cipher was negotiated.

If PHP (or a similar solution) is not available, you always have the source
code and can realize everything you want. (That's why I love OpenSource
software :-)

Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
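
The approach suggested in the reply above (let the handshake succeed with any compiled-in cipher, then check the SSL* variables in the application), as an added example that is not part of the original message. It is written in Python rather than PHP and assumes mod_ssl exports its standard variables (`SSLOptions +StdEnvVars`) into the WSGI environ; the function names and the allowed-cipher set are illustrative assumptions.

```python
"""Application-layer cipher check behind a permissive SSL/TLS listener."""
from html import escape

# Assumed policy: the OpenSSL names of the RSA key-exchange RC4-128
# suites that the original question wants to require.
ALLOWED_CIPHERS = frozenset({"RC4-SHA", "RC4-MD5"})
MIN_KEY_BITS = 128


def check_cipher(environ):
    """Return (ok, reason) based on mod_ssl's SSL_* request variables."""
    cipher = environ.get("SSL_CIPHER")
    if not cipher:
        # Plain HTTP request, or the server is not exporting SSL_* variables.
        return False, "No negotiated cipher was reported for this request."
    try:
        bits = int(environ.get("SSL_CIPHER_USEKEYSIZE", ""))
    except ValueError:
        return False, "The server did not report the cipher key size."
    # Export suites report SSL_CIPHER_ALGKEYSIZE=128 but USEKEYSIZE=40,
    # so the effective (USE) size is the one to test.
    if bits < MIN_KEY_BITS:
        return False, f"{cipher} uses only {bits} effective key bits."
    if cipher not in ALLOWED_CIPHERS:
        return False, f"{cipher} is not an accepted cipher."
    return True, f"{cipher} ({bits} bits)"


def application(environ, start_response):
    """WSGI entry point: serve the content or the explanatory error page."""
    ok, reason = check_cipher(environ)
    if ok:
        status, body = "200 OK", "<p>Protected content.</p>"
    else:
        status = "403 Forbidden"
        wanted = ", ".join(sorted(ALLOWED_CIPHERS))
        # Escape every interpolated value before it reaches the HTML page.
        body = ("<h1>Connection not accepted</h1><p>%s</p>"
                "<p>This site requires one of: %s.</p>"
                % (escape(reason), escape(wanted)))
    data = body.encode("utf-8")
    start_response(status, [("Content-Type", "text/html; charset=utf-8"),
                            ("Content-Length", str(len(data)))])
    return [data]
```

Because the check runs after the handshake, the request itself has already travelled over whatever cipher was negotiated; the page can explain the refusal, but it does not undo that exposure.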