>=20
> Hi Richard,
>=20
> if no config rules work maybe the fastest way to achive your goal are
> redirects depending on the current client protocol spoken. For
> example, redirecting every browser not communicating via TLS to an
> extra error page:
>=20
> SSLOptions +StdEnvVars
> RewriteEngine on
> RewriteCond %{SSL:SSL_PROTOCOL} !TLSv1
> RewriteCond %{REQUEST_URI} !^/error/.*$
> RewriteRule .* /error/no_tls_encryption.html [R,L]
>=20
> Did not test this myself, see further details on
> http://www.modssl.org/docs/2.8/ssl_reference.html#ToC25 and
> http://httpd.apache.org/docs/2.2/de/...ml#rewritecond
>=20
> Greetings from Germany,
> Eckard
> __________________________________________________ ____________________


Eckard,

Thanks for the excellent suggestion but I found the solution. I was
focusing on SSLCipherSuite so much that I completely missed the
SSLProtocol directive. It is not included in the default config and
thus apparently defaults to all. Setting this to TLSv1 only yields the
expected results - clients are not allowed to connect.

Your solution does present a more elegant result in that this page can
be used to inform the user that they need to enable TLSv1 in their
browser, or use one that supports TLS.

Regards,
Rich
__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org