Re: Notify user of SSL 3 requirement
- From: "Daniel Crichton" <msnews@xxxxxxxxxxxxxxxx>
- Date: Thu, 3 May 2007 17:08:00 +0100
Roger wrote on Fri, 27 Apr 2007 23:19:46 -0700:
"cats solutions" <catssolutions@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
We have enforced SSL v3.0 or TLS v1.0 on our server (Win 2003 Srv R2 with
IIS 6). When I try to connect using only SSl v2.0 I just get a Page
Cannot Be Displayed error message.
What I want to do is this:
I want the user to connect an unsecured page which runs a script to see
if the client has SSL v3 or TLS v1 enabled and if so forward them to the
page. If they can not use SSL v3 or TLS v1 then they are given a custom
Could you help me with this script?
I guess I am missing something here.
If you have an error handler page for 403.4 and they land
there would that not be because either
a) the original page was set to require https and they used http
b) they used https but could not actually use it (i.e. no SSL 3 or TLS 1)
So, if your original page is not configured in IIS to require https, but
instead does a serverside test if the server var HTTPS is ON and if
not redirects to itself with https:// then would not the only reason
they would land at the errror handler page be because they could
not support SSL 3 or TSL 1 ??
How would it be possible for the browser to hit the error handler page when
it cannot make a connection to the server in the first place? If the browser
only supports SSL2, and the server doesn't, then it's not possible for the
browser to connect during the SSL handshaking stage so will never see any
response from the server.
In case (a) it works because the connection to the server doesn't use SSL.
For (b) it'll never work.
- Prev by Date: Re: Virtual Directory Access Denied
- Next by Date: Re: Virtual Directory Access Denied
- Previous by thread: Re: Virtual Directory Access Denied
- Next by thread: My FTP site is being "attacked"