[ale] Apache+mod_ssl: custom err page to indicate low-gradeencryption
Jerry Z. Yu
z.yu at ptek.com
Fri Mar 23 10:01:32 EST 2001
thanks, Chris. I will double check the FAQ. By any chance, are you
referring to the GlobalID thing? It requires a different type of
certificate from Versign and cost somewhat more. "It currently costs you
$695,00", according to README.GlobalID shipped with mod_ssl tar ball,
versus a regular ID of ~$250. And this may only resolve those browsers
capable of 'step-up' from export-grade to 128-bit.
I was thinking of a CGI/servlet type to detect the negotiated SSL session
keylength or cipher suite used, then redirect to err page or real page
depending on the highest possible grade the browser can do. I tried to get
%ENV from a CGI and it doesnot have these pertinent information besides
HTTPS='on'. Since fortify.net's browser detection seems to be a CGI, I
guess it is doable. not quite sure if they need to do some hack on their
mod_ssl installation or httpd.conf, though.
On Thu, 22 Mar 2001, Chris Ricker wrote:
#On Thu, 22 Mar 2001, Jerry Z. Yu wrote:
#
#> I have Apache+mod_ssl on linux, forcing 128-bit encryption. I am looking
#> for solutions to be able to provide a customized error page asking users
#> to upgrade their browsers if the browsers falls under 128-bit. It gets
#> really annoying with IE since it gives this 'generic' cover-all error
#> page.
#>
#> Since Apache + mod_ssl has been used commerically a lot, I assumed this
#> should be common problem. but search on Deja or ssl man page didn't turn
#> up much.
#
#Have you checked the FAQ on modssl.org? I think I saw something along those
#lines there....
#
#later,
#chris
#
#--
#Chris Ricker kaboom at gatech.edu
# chris.ricker at genetics.utah.edu
#
Jerry Z. Yu +1-404-262-8544 (O)
Systems Engineer https://punch
IS Support, Voicecom, www.voicecom.com
A business unit of PTEK Holdings, Inc. www.ptek.com
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-
Manage all your important communications ==\
and information in one place using ===> www.orchestrate.com
Voicecom's Orchestrate 2000 service. ==/
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
More information about the Ale
mailing list