    Nat's Geeklog Just another brick in the Geeklog wall    
 Wednesday, March 10 2010 @ 03:12 AM CST

Apache: Handling weak browsers

   
Computer Tech Stuff

Most web servers that hold sensitive information these days only allow SSL ciphers of 128 bits or higher. However, it would be nice to redirect older browsers to a different page that suggests they upgrade to a browser supporting decent encryption. This can be done in Apache by enabling lower-strength ciphers and using mod_rewrite to redirect connections that negotiate one. Read on to see example configuration code...

The following belongs in your SSL VirtualHost:
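# mod_rewrite has to be switched on inside this VirtualHost
RewriteEngine On

# if the negotiated cipher key size is under 128 bits
# (i.e. the value does not have 3 digits)
RewriteCond %{SSL:SSL_CIPHER_USEKEYSIZE} <128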
# AND there were some arguments in the URL (it was followed by ?something)
RewriteCond %{QUERY_STRING} .
# Redirect to lowcrypt, passing the requested URL as an argument with the
# original args (QUERY_STRING) intact
RewriteRule .*  http://lowcrypt.gatech.edu/index.php?https://%{SERVER_NAME}%{REQUEST_URI}?%{QUERY_STRING} [R,NE,L]

# otherwise (no query string): if the key size is under 128 bits
# (i.e. the value does not have 3 digits)
RewriteCond %{SSL:SSL_CIPHER_USEKEYSIZE} <128
# Redirect to lowcrypt, passing the requested URL as an argument
RewriteRule .*  http://lowcrypt.gatech.edu/index.php?https://%{SERVER_NAME}%{REQUEST_URI} [R,NE,L]

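# Weak ciphers have to be enabled here, otherwise the handshake fails before
# mod_rewrite ever gets a chance to redirect the browser.
# You can tweak this to your liking, but here is a rather permissive example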
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+SSLv2:+EXP:+eNULL

Note that to test this with Firefox, I had to do the following to allow weak ciphers and disable strong ones:
  1. Point the Firefox browser to "about:config"
  2. For filter, enter "ssl"
  3. Disable SSL v3 by setting "security.enable_ssl3 = false"
  4. Enable SSL v2 by setting "security.enable_ssl2 = true"
  5. I found that I had to go in and actually enable an SSL v2 cipher as well: "security.ssl2.rc2_40 = true"
Works great!
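
Before switching the redirect on, it helps to know which clients would actually hit it. The script below is an added example, not part of the original post: it assumes a hypothetical mod_ssl CustomLog format (shown in the comment) that records SSL_CIPHER_USEKEYSIZE per request, and the log lines are constructed samples.

```python
import re
from collections import Counter

MIN_BITS = 128  # same threshold as the RewriteCond above

# Assumed log format (an assumption, not from the original post):
#   CustomLog logs/ssl_keysize_log \
#     "%h %{SSL_PROTOCOL}x %{SSL_CIPHER}x %{SSL_CIPHER_USEKEYSIZE}x \"%r\""
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<proto>\S+) (?P<cipher>\S+) (?P<bits>\S+) '
    r'"(?P<request>[^"]*)"$'
)

# Constructed sample lines (documentation IP ranges, not real traffic)
SAMPLE_LOG = """\
192.0.2.10 TLSv1 AES256-SHA 256 "GET /account?id=7 HTTP/1.1"
192.0.2.44 SSLv2 EXP-RC2-CBC-MD5 40 "GET /login HTTP/1.0"
198.51.100.7 SSLv3 DES-CBC-SHA 56 "GET /account?id=9 HTTP/1.0"
192.0.2.44 SSLv2 EXP-RC2-CBC-MD5 40 "POST /login HTTP/1.0"
198.51.100.23 TLSv1 RC4-MD5 128 "GET / HTTP/1.1"
203.0.113.5 - - - "GET / HTTP/1.1"
"""

def weak_clients(log_text, min_bits=MIN_BITS):
    """Return (weak requests per host, weak requests per cipher, skipped lines)."""
    by_host, by_cipher, skipped = Counter(), Counter(), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        # Skip malformed lines and entries with a non-numeric key size ("-")
        if not m or not m["bits"].isdigit():
            skipped += 1
            continue
        bits = int(m["bits"])
        if bits < min_bits:  # numeric comparison, so 128 itself is not weak
            by_host[m["host"]] += 1
            by_cipher[(m["proto"], m["cipher"], bits)] += 1
    return by_host, by_cipher, skipped

if __name__ == "__main__":
    hosts, ciphers, skipped = weak_clients(SAMPLE_LOG)
    for (proto, cipher, bits), n in ciphers.most_common():
        print(f"{n:3d} requests  {proto:6s} {cipher} ({bits} bit)")
    for host, n in hosts.most_common():
        print(f"{n:3d} requests from {host}")
    print(f"{skipped} line(s) skipped")
```

Hosts that show up here are the ones the rewrite rules would send to the upgrade page.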
 

 Copyright © 2010 Nat's Geeklog