[Ach] Disabling anonymous ciphers
adi at kriegisch.at
Tue Jan 7 09:35:45 CET 2014
> Win XP is not supported due to missing "save" chiphers.
> That is a little bit hidden in the documentation:
> A nice redirect to an "explaination side" instead of a browser error
> message would be nice ... does someone have an idea how to achieve
> that, e.g. in apache?
This is quite easily possible and has been discussed on the list before:
WinXP (as well as Java6) does not support SNI; using that fact it should be
possible to provide a default virtual host with all/most ciphers enabled
explaining the issue to the user and the main site in another virtual host
(that is not the default one, of course).
Btw. it is WinXPs crypto stack that does not implement any other ciphers;
so the issue does not only affect IE but also Outlook and anything that
uses XPs crypto stack.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 827 bytes
Desc: Digital signature
More information about the Ach