tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Wall" <>
Subject Ajp13/mod_jk - returning mod_ssl's SSL_CIPHER_USEKEYSIZE environment variable
Date Fri, 09 Feb 2001 00:31:23 GMT
A quick look over the source code for mod_jk and the 1.3 connector seem to show that adding
the mod_ssl environment variable SSL_CIPHER_USEKEYSIZE would not be too hard, perhaps based
on cloning the code that implements SSL_CIPHER handling.

Can the SSL_CIPHER_USEKEYSIZE environment param be added so that servlets can determine the
key lengths used (low, medium or high encryption)?  It makes a lot of sense to be able to
see this value in connection to SSL_CIPHER since 40-bit encryption is weak no matter what
SSL cipher is being used.  We'd like to be able to alert people to this and inform them that
they can upgrade their browser to have better SSL protection.  In fact, one of our customers
even wants to reject people who use few than 128bits, and while this can be done "harshly"
via mod_ssl, we'd prefer to redirect users to a page explaining things more clearly.


View raw message