Re: Notify user of SSL 3 requirement



Roger wrote on Fri, 27 Apr 2007 23:19:46 -0700:

"cats solutions" <catssolutions@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:EA0F1599-F7B9-46B3-9E2A-D22D3DF78A59@xxxxxxxxxxxxxxxx
We have enforced SSL v3.0 or TLS v1.0 on our server (Win 2003 Srv R2 with
IIS 6). When I try to connect using only SSL v2.0 I just get a Page
Cannot Be Displayed error message.

What I want to do is this:

I want the user to connect to an unsecured page which runs a script to see
if the client has SSL v3 or TLS v1 enabled and if so forward them to the
secured page. If they cannot use SSL v3 or TLS v1 then they are given a
custom error message.

Could you help me with this script?

I guess I am missing something here.
If you have an error handler page for 403.4 and they land
there would that not be because either
a) the original page was set to require https and they used http
or
b) they used https but could not actually use it (i.e. no SSL 3 or TLS 1)
??
So, if your original page is not configured in IIS to require https, but
instead does a server-side test if the server var HTTPS is ON and if
not redirects to itself with https:// then would not the only reason
they would land at the error handler page be because they could
not support SSL 3 or TLS 1 ??


How would it be possible for the browser to hit the error handler page when
it cannot make a connection to the server in the first place? If the browser
only supports SSL2, and the server doesn't, then it's not possible for the
browser to connect during the SSL handshaking stage so will never see any
response from the server.

In case (a) it works because the connection to the server doesn't use SSL.
For (b) it'll never work.

Dan
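Since a failed handshake means the server never gets to send any page, the check has to run in the browser from the unsecured page. The sketch below is an added example, not code from anyone in this thread: the plain-HTTP page requests a small image over HTTPS and redirects only if it loads. `SECURE_BASE`, `/probe.gif` and the `ssl-help` element id are hypothetical placeholders.

```javascript
// Added example: probe the HTTPS site from the unsecured page.
// SECURE_BASE, /probe.gif and "ssl-help" are hypothetical placeholders.
const SECURE_BASE = "https://secure.example.invalid";

// Calls decide() exactly once with "ok" or "failed".
// makeImage and setTimer are injected so the logic can be exercised
// without a browser.
function probeSecureSite(base, makeImage, setTimer, decide, timeoutMs = 5000) {
  let done = false;
  const finish = (result) => {
    if (done) return; // ignore late events after a decision was made
    done = true;
    decide(result);
  };
  const img = makeImage();
  // onload fires only if the SSL/TLS handshake AND the HTTP GET succeeded.
  img.onload = () => finish("ok");
  // onerror fires if the handshake failed (or anything after it did).
  img.onerror = () => finish("failed");
  // A connection that stalls without an error also counts as a failure.
  setTimer(() => finish("failed"), timeoutMs);
  // Cache-buster so a cached copy cannot mask a failed handshake.
  img.src = base + "/probe.gif?t=" + Date.now();
  return img;
}

// Browser wiring; skipped when the file is loaded outside a browser.
if (typeof window !== "undefined" && typeof Image !== "undefined") {
  probeSecureSite(SECURE_BASE, () => new Image(), setTimeout, (result) => {
    if (result === "ok") {
      window.location.replace(SECURE_BASE + "/");
    } else {
      // Reveal the custom message explaining how to enable SSL 3 / TLS 1.
      document.getElementById("ssl-help").style.display = "block";
    }
  });
}
```

A failed probe only shows that the HTTPS request did not complete; a certificate problem or a network fault looks the same to the script as a protocol mismatch, so the custom message should say so.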

