RE: Problem with Apache/SSL and IE.

Tue, 06 Jun 2000 14:04:43 -0700 

William,

Thanks for your help.  I am going to require users to download the high
encryption pack for IE if they wish to use the secured version of the
website.

Thanks again,
Asser

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Wallace, William
Sent: Tuesday, June 06, 2000 9:41 AM
To: '[EMAIL PROTECTED]'
Subject: RE: Problem with Apache/SSL and IE.

This may be a known bug in IE. See
http://www.microsoft.com/windows/ie/security/schannel.asp for more
information.

-----Original Message-----
From: Asser Moustafa [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 05, 2000 5:15 PM
To: [EMAIL PROTECTED]
Subject: Problem with Apache/SSL and IE.


Yello again!

Not sure if this got to anyone the first time (I hadn't registered with the
group yet).

I am running an Apache+mod_ssl+openssl webserver that uses a Verisign Global
ID (128 bit/128 bit secret key).  Some Internet Explorer users with low
cipher strengths (i.e. 40 bit or 56 bit) are having trouble using the
secured version of the website.  Internet Explorer displays the "friendly"
error page that states the web page cannot be viewed.  Once the user
downloads the high encryption pack from Microsoft's website, however, they
can view the secured version of the website to their heart's content.
According to everything I have read, Apache and the browser are supposed to
negotiate the cipher strength (referred to as Server Gated Cryptography by
Microsoft and "stepping up" by Netscape) and then talk at 128 bit cipher
strength.  However, I examined the Apache logs and no such negotiation takes
place.  I have Apache setup to allow all forms of cipher strengths with the
SSLCipherSuite directive.  Currently, Netscape shows no sign of such
behavior.

Any help or guesses provided would be greatly appreciated.

Thanks in advance,
Asser

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to