S3) Why can't I view my site using IE5.x?
> There are two irritating bugs in IE5's implementation of SSL not mentioned
> on the mod_ssl website. One is that you can't use IP addresses - you must
> use the FQDN to access the site. The other bug affects non-128-bit versions
> of IE 5.01, which basically don't work at all. If you force SSLProtocol All
> -SSLv3 it works in IE5.01 but breaks other browsers. See:
> http://support.microsoft.com/support/kb/articles/Q244/3/02.ASP
> http://support.microsoft.com/support/kb/articles/Q247/3/67.ASP
> http://www.microsoft.com/windows/ie/security/schannel.asp
>
> N.B. I can see some GID sites using my copy of 5.01 / 56 bit. Whether this
> is a server-side workaround or something else I don't know. Any clues?
MS IE 5.01 56bit works fine (ie steping up to 128 bit) with mod_ssl and openssl
0.9.4. But it does not work with openssl >=0.9.5 :( WHY? I saw claims on the
list that 0.9.4 doesn't support SGC but with 0.9.4 IE 5.01 successfully steps
up to 128 bits... I see that in my logs...
So that looks more like an openssl bug :( There are also a lot of IE bugs of
course but even when all known patches are applied IE still doesn't work with
0.9.5 but it (again) WORKS with 0.9.4 AS EXPECTED.
By the way, MS claims that Windows2000 IE 5.01 doesn't need mentioned patches
as all of them are already applied but is still doesn't work with openssl
0.9.5x and it DOES work wint 0.9.4. So there is clearly a server-side
workaround (at least or probaly simply a bug fix) for this IE 5.01 issue.
Oleg
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
