[Gllug] Apache server gated cryptography

Tethys tet at accucard.com
Mon Nov 11 17:23:56 UTC 2002


We have a requirement to only allow 128 bit or higher and SSLv3 only
connections to one of our web sites. Easy, you say, just add:

	SSLCipherSuite !SSLv2:HIGH:MEDIUM

to httpd.conf. However, that immediately prevents anyone using IE from
connecting. IE uses "server gated cryptography" -- it initially connects
at 40 bits and then renegotiates to stronger encryption before any data
is transferred. Has anyone managed to get this working? The mod_ssl
documentation here:

	http://www.modssl.org/docs/2.2/ssl_howto.html#ToC4

says that adding:

	SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128

should work. But it doesn't for me. It just means that IE users still
can't connect. Any ideas?

Tet

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
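
An added example, not part of the original post: a small audit script that applies the stated policy (SSLv3 only, 128 bits or more) to logged connections, to show which protocol and key size each client actually ended up with. The log format, built on mod_ssl's `%{VAR}x` CustomLog syntax, is an assumption, and the sample lines are constructed.

```python
import re
from collections import Counter

# Assumed log format (not from the post), written via mod_ssl's %{VAR}x:
#   CustomLog logs/ssl_audit_log \
#     "%h %{SSL_PROTOCOL}x %{SSL_CIPHER}x %{SSL_CIPHER_USEKEYSIZE}x \"%r\""
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<proto>\S+) (?P<cipher>\S+) (?P<bits>\S+) "(?P<request>[^"]*)"$'
)

# Policy as stated in the post.
REQUIRED_PROTOCOL = "SSLv3"
MIN_KEY_BITS = 128

# Constructed sample lines; addresses are from a documentation range.
SAMPLE_LOG = """\
192.0.2.10 SSLv3 RC4-MD5 128 "GET / HTTP/1.0"
192.0.2.11 SSLv3 EXP-RC4-MD5 40 "GET /login HTTP/1.0"
192.0.2.12 SSLv2 RC4-MD5 128 "GET / HTTP/1.0"
192.0.2.13 SSLv3 DES-CBC3-SHA 168 "POST /login HTTP/1.0"
192.0.2.14 - - - "GET / HTTP/1.0"
garbage line
"""

def check_line(line):
    """Return (host, verdict); verdict is 'ok' or the reason for failing."""
    m = LINE_RE.match(line.strip())
    if not m:
        return (None, "unparsed")
    host, proto, bits = m["host"], m["proto"], m["bits"]
    if not bits.isdigit():          # "-" is logged when no SSL variable is set
        return (host, "no-ssl-info")
    if proto != REQUIRED_PROTOCOL:
        return (host, "protocol:" + proto)
    if int(bits) < MIN_KEY_BITS:    # same comparison as the SSLRequire rule
        return (host, "keysize:" + bits)
    return (host, "ok")

def audit(log_text):
    """Check every non-empty line; return per-line results and a summary."""
    results = [check_line(l) for l in log_text.splitlines() if l.strip()]
    summary = Counter(verdict.split(":")[0] for _, verdict in results)
    return results, summary

if __name__ == "__main__":
    results, summary = audit(SAMPLE_LOG)
    for host, verdict in results:
        print(host, verdict)
    print(dict(summary))
```

A client that stayed on an export cipher appears with a key size of 40, which is the value the `SSLRequire` expression quoted in the post compares against 128.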



