M
Mirek Rewak
Hi,
How can I read parameters of the actual SSL session info in my ASP.NET
appllication? I need to know ssl version and cipher used. Apache server
gives it in server variables, but IIS doesn't so I have to get this in
some other way.
I've been searching for this some time, but still haven't found good
solution. For me it is base functionality, SSL handshake negotiation can
e.g. downgrade SSL cipher to the less secure if the client doesn't
support the stronger one. If it can't be done with MS product, it would
be ridicolous, how to make secure applications?.
Thanks in advance for any clue.
PS I know that there is server variable HTTPS_KEYSIZE, but it's not
enough for me.
PS2 I found in KB that I can disable ciphers in registry for schanell,
but it's for whole system! I want it only for my application.
Regards,
mirek
How can I read parameters of the actual SSL session info in my ASP.NET
appllication? I need to know ssl version and cipher used. Apache server
gives it in server variables, but IIS doesn't so I have to get this in
some other way.
I've been searching for this some time, but still haven't found good
solution. For me it is base functionality, SSL handshake negotiation can
e.g. downgrade SSL cipher to the less secure if the client doesn't
support the stronger one. If it can't be done with MS product, it would
be ridicolous, how to make secure applications?.
Thanks in advance for any clue.
PS I know that there is server variable HTTPS_KEYSIZE, but it's not
enough for me.
PS2 I found in KB that I can disable ciphers in registry for schanell,
but it's for whole system! I want it only for my application.
Regards,
mirek