On 08/20/2009 03:40 PM, Brian Mearns wrote:
On Thu, Aug 20, 2009 at 3:24 PM, Sander Temme<[email protected]> wrote:
On Aug 20, 2009, at 3:16 PM, Brian Mearns wrote:
For the sake of security, I'd like to configure my SSL/TLS server to
not allow export level ciphers (using the SSLCipherSuite directive).
Is this going to realistically limit the number of people who can use
a secure connection to my site? Specifically, will visitors from other
countries (outside the US) be able to support the stronger
(non-exportable) ciphers?
You can configure a logfile to record what ciphers your users are currently
using, and draw conclusions from that.
S.
[clip]
Good idea, but I'm not currently getting many users. I'm thinking in
the long term, I don't want to lock out potential visitors just
because they're using weak crypto.
-Brian
Brian,
Have you considered using Apache's "SGC"? There's a nice little blurb
about it in the Apache Docs.[
http://httpd.apache.org/docs/2.0/ssl/ssl_howto.html#upgradeenc ]
"How can I create an SSL server which accepts strong encryption only,
but allows export browsers to upgrade to stronger encryption?"
--Sal
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [email protected]
" from the digest: [email protected]
For additional commands, e-mail: [email protected]
