[Gllug] Apache server gated cryptography
Tethys
tet at accucard.com
Mon Nov 11 17:23:56 UTC 2002
We have a requirement to only allow 128 bit or higher and SSLv3 only
connections to one of our web sites. Easy, you say, just add:
SSLCipherSuite !SSLv2:HIGH:MEDIUM
to httpd.conf. However, that immediately prevents anyone using IE from
connecting. IE uses "server gated cryptography" -- it initially connects
at 40 bits and then renegotiates to stronger encryption before any data
is transferred. Has anyone managed to get this working? The mod_ssl
documentation here:
http://www.modssl.org/docs/2.2/ssl_howto.html#ToC4
says that adding:
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
should work. But it doesn't for me. It just means that IE users still
can't connect. Any ideas?
Tet
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list