We have enforced SSL v3.0 or TLS v1.0 on our server (Win 2003 Srv R2 with II
S
6). When I try to connect using only SSl v2.0 I just get a Page Cannot Be
Displayed error message.

What I want to do is this:

I want the user to connect an unsecured page which runs a script to see if
the client has SSL v3 or TLS v1 enabled and if so forward them to the secure
d
page. If they can not use SSL v3 or TLS v1  then they are given a custom
error message.

Could you help me with this script?

[ Post a follow-up to this message ]

"cats solutions" <catssolutions@discussions.microsoft.com> wrote in message
news:EA0F1599-F7B9-46B3-9E2A-D22D3DF78A59@microsoft.com...
> We have enforced SSL v3.0 or TLS v1.0 on our server (Win 2003 Srv R2 with
> IIS
> 6). When I try to connect using only SSl v2.0 I just get a Page Cannot Be
> Displayed error message.
>
> What I want to do is this:
>
> I want the user to connect an unsecured page which runs a script to see if
> the client has SSL v3 or TLS v1 enabled and if so forward them to the
> secured
> page. If they can not use SSL v3 or TLS v1  then they are given a custom
> error message.
>
> Could you help me with this script?

I guess I am missing something here.
If you have an error handler page for 403.4 and they land
there would that not be because either
a) the original page was set to require https and they used http
or
b) they used https but could not actually use it (i.e. no SSL 3 or TLS 1)
??
So, if your original page is not configured in IIS to require https, but
instead does a serverside test if the server var HTTPS is ON and if
not redirects to itself with https:// then would not the only reason
they would land at the errror handler page be because they could
not support SSL 3 or TSL 1 ??

[ Post a follow-up to this message ]

Roger wrote  on Fri, 27 Apr 2007 23:19:46 -0700:

> "cats solutions" <catssolutions@discussions.microsoft.com> wrote in
> message news:EA0F1599-F7B9-46B3-9E2A-D22D3DF78A59@microsoft.com... 
>
> I guess I am missing something here.
> If you have an error handler page for 403.4 and they land
> there would that not be because either
> a) the original page was set to require https and they used http
> or
> b) they used https but could not actually use it (i.e. no SSL 3 or TLS 1)
> ??
> So, if your original page is not configured in IIS to require https, but
> instead does a serverside test if the server var HTTPS is ON and if
> not redirects to itself with https:// then would not the only reason
> they would land at the errror handler page be because they could
> not support SSL 3 or TSL 1 ??
>

How would it be possible for the browser to hit the error handler page when
it cannot make a connection to the server in the first place? If the browser
only supports SSL2, and the server doesn't, then it's not possible for the
browser to connect during the SSL handshaking stage so will never see any
response from the server.

In case (a) it works because the connection to the server doesn't use SSL.
For (b) it'll never work.

Dan

[ Post a follow-up to this message ]