Title: Re: Reward SSL and IE

Akins, Brian wrote:

> Not the most appropriate forum, but we are willing to pay a reward to
> someone who can definitively help us with a mod_ssl (Apache 2.0.54) and IE
> issue.  It seems to only affect older versions (5.5 and early 6).


For reference:


[Mon Jun 20 20:23:23 2005] [debug] ssl_engine_io.c(1522): OpenSSL: I/O error, 11 bytes expected to read on BIO#87b01f8 [mem: 880daa8]
[Mon Jun 20 20:23:23 2005] [debug] ssl_engine_kernel.c(1813): OpenSSL: Exit: error in SSLv2/v3 read client hello A
[Mon Jun 20 20:23:23 2005] [info] (70014)End of file found: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]


Apache config:

# from standard apache config
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully

#ssl global options
SSLPassPhraseDialog exec:/opt/apache/https-relay/config/https.password
SSLSessionCache dbm:/logs/https-relay.ssl_session_cache
SSLSessionCacheTimeout 600
SSLMutex sem

Listen 443
<VirtualHost *:443>
    ServerName xxxxxxxxx.com
    SSLEngine on
    SSLCertificateFile /opt/apache/https-relay/config/xxxxxx.crt
    SSLCertificateChainFile /opt/apache/https-relay/config/intermediate.crt
    SSLCertificateKeyFile /opt/apache/https-relay/config/xxxxxxxxx.key

    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL




--
Brian Akins
Lead Systems Engineer
CNN Internet Technologies

