Directing users wihtou enough encryption capability

Hi,

I'm trying to do the following:

I have a site with strong encryption, demanding 128 bit encryption with:
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128

A lot of users don't have browsers with 128 bits encryption capabilities, so wat I would to do is:

When a user cannot use 128 bits encryption, he/she should be redirected to a page with info about upgrading, in stead of just getting no connection.

Any idea how to do that?

Cheers,
Jeroen.

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Directing users wihtou enough encryption capability

Hi!

On Mon, Aug 19, 2002 at 11:02:08AM +0200, Jeroen Vriesman wrote:
> I have a site with strong encryption, demanding 128 bit encryption with:
> SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
>
> A lot of users don't have browsers with 128 bits encryption
> capabilities, so wat I would to do is:
>
> When a user cannot use 128 bits encryption, he/she should be
> redirected to a page with info about upgrading, in stead of just
> getting no connection.
>
> Any idea how to do that?

Use mod_rewrite. I've posted several examples some weeks ago, they
should still be in the list's archive, search for RewriteRule.


Ciao

Thomas


--
For a light heart lives long.
-- Shakespeare, "Love's Labour's Lost"
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Resetting passphrase

I (stupidly) forgot what my passphrase is for a server cert I have
created using OpenSSL. The cert is certified by verisign. Is there a way
I can reset the passphrase WITHOUT recreating the cert?

Ben Ricker
Wellinx, Inc.

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: Directing users wihtou enough encryption capability

One way option is along these lines:

ErrorDocument 403


SSLOptions +StrictRequire
SSLRequire %{SSL_CIPHER_USEKEYSIZE} > 128


> > I have a site with strong encryption, demanding 128 bit
> encryption with:
> > SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
> >
> > A lot of users don't have browsers with 128 bits encryption
> > capabilities, so wat I would to do is:
> >
> > When a user cannot use 128 bits encryption, he/she should be
> > redirected to a page with info about upgrading, in stead of just
> > getting no connection.
> >
> > Any idea how to do that?
>
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Resetting passphrase

you have only one option - renew the certificate....

you have to pay up again, and submit a new csr based on a new key, but
with identical certificate information.
not sure about verisign, but at least with thawte the renewal adds a
year to the expiry date of the previous certificate, so at least you're
not losing money on the deal, you're just renewing earlier than needed.


Ben Ricker wrote:

>I (stupidly) forgot what my passphrase is for a server cert I have
>created using OpenSSL. The cert is certified by verisign. Is there a way
>I can reset the passphrase WITHOUT recreating the cert?
>
>Ben Ricker
>Wellinx, Inc.
>
>___________________________________________________________ ___________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List modssl-users@modssl.org
>Automated List Manager majordomo@modssl.org
>
>


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org