|
We are about to introduce client certificates for (optional) authentication.
... SSLOptions +StdEnvVars +ExportCertData SSLCACertificateFile conf/ssl.crt/ca.crt SSLVerifyClient optional SSLVerifyDepth 4 ... Unfortunately Safari@mac has "problems" (apparently a bug) connecting to Apache
http://serverfault.com/questions/259610/could-not-establish-a-secure-connection-to-server-with-safari
Is there an alternative to the SSLInsecureRenegotiation flag? What I'd like to do is something like <If "%{HTTP_USER_AGENT} !~ /Safari/"> SSLCACertificateFile conf/ssl.crt/ca.crt SSLVerifyClient optional SSLVerifyDepth 10 </If> How "insecure" is the SSLInsecureRenegotiation flag? Any help/advice appreciated - Clemens |
|