Mantis - Resin
Viewing Issue Advanced Details
6162 feature always 05-08-18 12:57 06-06-18 16:59
closed 4.0.56  
none 4.0.57  
0006162: Feature-Request: New rewrite condition such as <resin:IfProtocolVersion> for TLS Protocol Version
The access logging of the TLS Protocol Version and the used Cipher-Suite (see 0006113) has helped us a lot to figure out how much traffic is using an outdated TLS Protocol (TLSv1) and partially made it possible to get in touch with people/companies.

If the TLS protocol version would be available as a URL Rewrite condition such as <resin:IfProtocolVersion> with a regexp and/or value attribute it would be possible to perform a check and forward on a commonly used page such as a login page.
For example: [^]

Would trigger such a rewrite when used with a "TLSv1" (value in access-logging when TLSv1.0 is used) connection:

 <resin:Redirect regexp='^/login' target='/warn-outdated-tls-version.jsp'>
     <resin:IfProtocolVersion value="TLSv1"/>
     <resin:IfQueryParam name="check-tls-version" value="true"/>

On the warn-outdated-tls-version.jsp one could have a detailed explanation with a link to bypass such condition and continue with regular login: [^] having a link to login with [^]

06-06-18 16:59