The README suggests it is possible to have Apache redirect users with insufficiently secure SSL/TLS stacks to some specific page indicating the problem.
http://httpd.apache.org/docs/current/mod/mod_ssl.html#envvars describes the SSL related environmental variables that could be used as part of a RewriteCond and RewriteRule (http://httpd.apache.org/docs/current/mod/mod_rewrite.html) to redirect users based on their SSL capabilities.
The RewriteRule would look something like:
This will only work if Apache is set to allow the lesser cipher strengths in its SSL configuration and then uses this redirect to point the user elsewhere. Since the user has already transmitted their request data at this point, it is too late in the request to realistically protect anything about the request (session cookies, authentication data).
If one is really concerned about allowing use of lower strength ciphers, then this isn't going to work very well, and they should be omitted from the SSL configuration. This will of course cause an SSL handshake error for some clients.
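The two options contrasted in this issue, as an added Apache 2.4 configuration example (not the rule from the README or from the issue author). The host name, file paths, landing page, 128-bit threshold and cipher strings are assumptions chosen for illustration.

```apache
# Added example. Use ONE of the two virtual hosts, not both.

# Option A: accept weak ciphers, then redirect (the approach the issue questions)
<VirtualHost *:443>
    ServerName www.example.com                             # assumed host name
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/example.crt       # assumed path
    SSLCertificateKeyFile /etc/ssl/private/example.key     # assumed path

    # Weak suites have to stay enabled here: if they were excluded, the
    # handshake would fail and the rewrite below would never be evaluated.
    SSLCipherSuite ALL:!aNULL:!eNULL

    RewriteEngine on
    # SSL_CIPHER_USEKEYSIZE is the mod_ssl variable holding the number of
    # cipher bits actually in use; -lt is an integer comparison (2.4 syntax).
    RewriteCond %{SSL:SSL_CIPHER_USEKEYSIZE} -lt 128
    # Do not redirect the landing page itself, or the client loops.
    RewriteCond %{REQUEST_URI} !^/upgrade-your-browser\.html$
    RewriteRule ^ /upgrade-your-browser.html [R=302,L]

    # When these conditions run, the request line, Cookie header and any
    # Authorization header have already crossed the wire under the weak
    # cipher. The redirect informs the user; it protects nothing in that
    # first request.
</VirtualHost>

# Option B: omit weak ciphers from the SSL configuration
<VirtualHost *:443>
    ServerName www.example.com                             # assumed host name
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/example.crt       # assumed path
    SSLCertificateKeyFile /etc/ssl/private/example.key     # assumed path

    # Only strong suites are offered. A client that supports none of them
    # gets a handshake error before it can send any request data, so no
    # cookie or credential is exposed, and no explanatory page is shown.
    SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES
    SSLHonorCipherOrder on
</VirtualHost>
```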