> Hi Richard,
> if no config rules work maybe the fastest way to achieve your goal are
> redirects depending on the current client protocol spoken. For
> example, redirecting every browser not communicating via TLS to an
> extra error page:
>
> SSLOptions +StdEnvVars
> RewriteEngine on
> RewriteCond %{SSL:SSL_PROTOCOL} !TLSv1
> RewriteCond %{REQUEST_URI} !^/error/.*$
> RewriteRule .* /error/no_tls_encryption.html [R,L]
>
> Did not test this myself, see further details on
> http://www.modssl.org/docs/2.8/ssl_reference.html#ToC25 and
> http://httpd.apache.org/docs/2.2/de/...ml#rewritecond
> Greetings from Germany,
> Eckard


Thanks for the excellent suggestion but I found the solution. I was
focusing on SSLCipherSuite so much that I completely missed the
SSLProtocol directive. It is not included in the default config and
thus apparently defaults to all. Setting this to TLSv1 only yields the
expected results - clients are not allowed to connect.

Your solution does present a more elegant result in that this page can
be used to inform the user that they need to enable TLSv1 in their
browser, or use one that supports TLS.

__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
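
An added example, not part of the original thread and not mod_ssl code: a small offline check that reports when a config leaves SSLProtocol unset (so the default "all" applies) or enables more than TLSv1, the situation described in the reply above. It assumes "all" means SSLv2, SSLv3 and TLSv1 as in the 2.2-era docs linked in the thread, that a bare token replaces the set while +/- add or remove, and that the last SSLProtocol line wins; VirtualHost scoping is ignored, and the sample configs are constructed.

```python
ALL = frozenset({"SSLv2", "SSLv3", "TLSv1"})  # assumed meaning of "all" (2.2-era)
NAMES = {p.lower(): p for p in ALL}

def parse_sslprotocol(args):
    """Apply SSLProtocol tokens left to right and return the enabled set."""
    enabled = set()
    for tok in args.split():
        action = tok[0] if tok[0] in "+-" else ""
        name = tok[1:].lower() if action else tok.lower()
        if name == "all":
            chosen = set(ALL)
        elif name in NAMES:
            chosen = {NAMES[name]}
        else:
            raise ValueError(f"unknown protocol token {tok!r}")
        if action == "+":
            enabled |= chosen
        elif action == "-":
            enabled -= chosen
        else:                      # assumption: bare token replaces the set
            enabled = chosen
    return enabled

def effective_protocols(conf_text):
    """Return (enabled set, explicitly configured?) for the config text."""
    enabled, explicit = set(ALL), False   # directive absent -> default "all"
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        # Commented-out lines start with "#", so they never match here.
        if len(parts) == 2 and parts[0].lower() == "sslprotocol":
            enabled, explicit = parse_sslprotocol(parts[1]), True
    return enabled, explicit

def audit(conf_text, allowed=frozenset({"TLSv1"})):
    """List findings; an empty list means only allowed protocols are on."""
    enabled, explicit = effective_protocols(conf_text)
    findings = []
    if not explicit:
        findings.append("SSLProtocol not set; default 'all' applies")
    extra = sorted(enabled - allowed)
    if extra:
        findings.append("unwanted protocols enabled: " + ", ".join(extra))
    return findings

# Constructed sample configs: cipher suite tuned but protocol left at default,
# then the fix described in the reply.
DEFAULT_CONF = "SSLEngine on\nSSLCipherSuite HIGH:MEDIUM\n# SSLProtocol TLSv1\n"
FIXED_CONF = "SSLEngine on\nSSLCipherSuite HIGH:MEDIUM\nSSLProtocol TLSv1\n"

if __name__ == "__main__":
    for label, conf in (("default", DEFAULT_CONF), ("fixed", FIXED_CONF)):
        print(label, audit(conf) or "OK")
```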