issue should be solved by replacing management who thinks IE6 is a good idea. no really the browser should be irrelevant in any http solution. On 9 August 2016 at 17:58, Christopher Schultz <chris@xxxxxxxxxxxxxxxxxxxxxx> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Daniel, > > On 8/3/16 4:55 AM, Daniel wrote: >> No, by the time the user agent or any actual http data gets to be >> seen the protocol/cipher and complete ssl connection has already >> been stablished. >> >> 2016-08-02 23:26 GMT+02:00 ghost <ghost@xxxxxxxxxxxxxx >> <mailto:ghost@xxxxxxxxxxxxxx>>: >> >> Hello there, >> >> I was trying to show a notice page to IE6 users since my site >> doesn't support SSLv3 anymore. And the problem is how to enable >> SSLv3 only for IE otherwise the IE6 users won't be able to see the >> page. >> >> I found some tricks about '<location>' in the documentation, which >> allows me to set different protocol and cipher suites for >> particular URL. I wonder if there is a method to set the protocol >> for particular UA? >> >> Thanks, ghost > > There *is* a way to do this.. kind of. I did it long ago when we were > thinking about changing our protocol support, etc. I no longer have > the configuration, so I'll explain what we did: > > 1. Configure mod_ssl for the lowest protocol/ciphers you will support > 2. Use <Directory> and/or <Location> to change the TLS protocol > requirements for truly sensitive communication > 3. Use mod_rewrite to check for certain protocols / ciphers and > redirect to a "protocol support is being dropped" page > 4. Set a cookie when the user ACKs the protocol support change > > It's messy, but it works. > > The real solution is to simply disable SSLv3 since everybody has done > it already. MSIE6 can just die. > > - -chris > -----BEGIN PGP SIGNATURE----- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBCAAGBQJXqf2XAAoJEBzwKT+lPKRYfiYP/3/2pY4U3V4YFCEkpY/N7VjP > uTO7PWb8f7GvNW7X0BT0RMkq1bhdw1N8lV6xWfouMgOAjwPYoHjLMHOyDFIdJUu/ > 5CA77bt7k4tijXHqJE3eINY4MJZ6Z/4XC41UYeSDTJBXdVFnEW/H2kOBC8yIWaQm > vQrDp5a8TEWCQ3UMU5UiBlT2X/7qAd0GK6KUW4z+PC09u/packXspZ+cfs+O7h7I > JDK8rRflIqVL1jELVRrqbj6js8jTgONV9PN7ArEGrWdiZG7ARaXM5C+BO6LN1zqf > qlW7tBRL6OksFaBreA4plhgCQOZjyGNb+LgXB/3xWF0Qb5fx+02Fzwdc14Cf4Im7 > yIMYPAhSq+Myt9i5dFl5dustsYk39Gy9ro0gRulsXhPcrqiip6ldCHahN3sn1R03 > u+HRIFIMYySmr+SKkdZK+JQ7Y/Qvtyw0RCkLReidwLhKqTkf9F3gVVcmQUqYLk7g > E3UiXsioy9TMiywbE8RSKC+8E+L0OG4kv5s4EHZ11F8ja38cDqrGdXOFt1L6yk/S > T801Oh4uMfJalpfTrlDUeOINB4G27G621tfZHBpjE42vO2Hle0BV2tmp9WzPDjwz > 6sFCfKmn/cDT3vCiegxlsE2XtiADRPexHdoEzWm9m8ZoQGVW65ip0RkNUFcjmf2q > KQZGC5YToFII1lj5wE49 > =UN7o > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|