You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by "William C. Mount" <Mo...@cat.com> on 2004/07/20 18:02:09 UTC

[users@httpd] Customer SSL Error responses.

Hello all,
  This is my first post to the apache group..

We are in the middle of upgrading our secure webservers (mainly iplanet 4/6
and apache 1.3) to only allow 128bit and higher ssl encryption.

I've successfully gotten apache to only accept 128 and higher.  However, in
iplanet, if someone goes to https://www.url.com and they're browser only
supports 56bit, they get a customer error page located in
/netscape/iplanet6-x.home/docs/EncryptionError/encryptionerror.html

Is there a way in apache to do this?  Currently, if I use a 56 browser to
go to a 128bit or higher site, I get an error "Netscape and this server
cannont communicate securely because they have no common encryption
algorithm(s)."

Instead of that error message, I want apache to display this
encryptionerror.html page.  What do I need to change in the httpd.conf?

Thanks,
William C. Mount RHCE
Webserver Operations
Global IT Solutions
Caterpillar Inc.
600 W. Washington St.
East Peoria IL,  61630
(309) 675-3031 - Desk
(309) 256-7045 - Cell
mountwc@cat.com




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

[users@httpd] Re: Customer SSL Error responses.

Posted by FloSoft <Fl...@gmx.de>.

-----BEGIN PGP SIGNED MESSAGE-----

Hi,
i think its not possible this way, because the SSL-Negotiation is
done before the request is sent. Perhaps you have to use an Server
who accepts ALL kind of encryption and then you can filter it. Those
with 128bit or higher are sent internally to the "real" server, the
other ones are sent to the error-page. But i think so you need 2
Server IP's, cause mod_SSL is not very "virtualhost-friendly" :-)
"William C. Mount" <Mo...@cat.com> schrieb im Newsbeitrag
news:OF55062EE8.FE354C17-ON86256ED7.0057C072-86256ED7.005821B7@cis.cat
.com...
> Hello all,
>   This is my first post to the apache group..
>
> We are in the middle of upgrading our secure webservers (mainly
> iplanet 4/6 and apache 1.3) to only allow 128bit and higher ssl
> encryption.
>
> I've successfully gotten apache to only accept 128 and higher.
> However, in iplanet, if someone goes to https://www.url.com and
> they're browser only supports 56bit, they get a customer error page
> located in
> /netscape/iplanet6-x.home/docs/EncryptionError/encryptionerror.html
>
> Is there a way in apache to do this?  Currently, if I use a 56
> browser to go to a 128bit or higher site, I get an error "Netscape
> and this server cannont communicate securely because they have no
> common encryption algorithm(s)."
>
> Instead of that error message, I want apache to display this
> encryptionerror.html page.  What do I need to change in the
> httpd.conf?
>
> Thanks,
> William C. Mount RHCE
> Webserver Operations
> Global IT Solutions
> Caterpillar Inc.
> 600 W. Washington St.
> East Peoria IL,  61630
> (309) 675-3031 - Desk
> (309) 256-7045 - Cell
> mountwc@cat.com
>
>
>
>
> --------------------------------------------------------------------
> - The official User-To-User support forum of the Apache HTTP Server
> Project. See <URL:http://httpd.apache.org/userslist.html> for more
> info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQCVAwUBQP6cL8a99vJRRkghAQHJ1AQAnC35/JT5hh70JBfa2sn6iuDmiA59IZZ/
riwpetUJbTLl7t+pyRDqyeMjOngeY1HpH6K+FBWNw7wdNKCLNuEBxcH0H2w7ArrL
BwG6GgE2puADDGjKOHE5xfxJf9A/8lxGhkvudxOjFgyQs9Buwa1m4VCZjsnLwx35
JNGUZ/7he3g=
=Yf1W
-----END PGP SIGNATURE-----




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org