|
Mantis - Resin
|
|||||
| Viewing Issue Advanced Details | |||||
|
|
|||||
| ID: | Category: | Severity: | Reproducibility: | Date Submitted: | Last Update: |
| 6162 | feature | always | 05-08-18 12:57 | 06-06-18 16:59 | |
|
|
|||||
| Reporter: | stbu | Platform: | |||
| Assigned To: | ferg | OS: | |||
| Priority: | normal | OS Version: | |||
| Status: | closed | Product Version: | 4.0.56 | ||
| Product Build: | Resolution: | fixed | |||
| Projection: | none | ||||
| ETA: | none | Fixed in Version: | 4.0.57 | ||
|
|
|||||
| Summary: | 0006162: Feature-Request: New rewrite condition such as <resin:IfProtocolVersion> for TLS Protocol Version | ||||
| Description: |
The access logging of the TLS Protocol Version and the used Cipher-Suite (see 0006113) has helped us a lot to figure out how much traffic is using an outdated TLS Protocol (TLSv1) and partially made it possible to get in touch with people/companies. If the TLS protocol version would be available as a URL Rewrite condition such as <resin:IfProtocolVersion> with a regexp and/or value attribute it would be possible to perform a check and forward on a commonly used page such as a login page. |
||||
| Steps To Reproduce: | |||||
| Additional Information: |
For example: https://www.example.com/login?check-tls-version=true [^] Would trigger such a rewrite when used with a "TLSv1" (value in access-logging when TLSv1.0 is used) connection: <resin:Redirect regexp='^/login' target='/warn-outdated-tls-version.jsp'> <resin:And> <resin:IfProtocolVersion value="TLSv1"/> <resin:IfQueryParam name="check-tls-version" value="true"/> </resin:And> </resin:Redirect> On the warn-outdated-tls-version.jsp one could have a detailed explanation with a link to bypass such condition and continue with regular login: https://www.example.com/warn-outdated-tls-version.jsp [^] having a link to login with https://www.example.com/login?check-tls-version=false [^] |
||||
| Relationships | |||||
| Attached Files: | |||||
| Notes | |||||
|
|
|||||
|
|
||||