Does changing the "Check for server certificate revocation (requires
restart)" advanced security setting in IE change the behavior?
> -----Original Message-----
> From: Burns, Robert [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 26, 2000 10:38 AM
> To: '[EMAIL PROTECTED]'
> Subject: MSIE *Again*
>
>
> Folks,
>
> I believe I'm experiencing the same MSIE problems that
> have been discussed on this list over the past few weeks,
> but with a little more information. Perhaps it will help.
>
> I'm running Apache 1.3.12 + modssl 2.6.4 + openssl 0.9.5a on
> an UltraSparc 10 + Solaris7.
>
> First, I created a dummy certificate (i.e. signed by Snake-Oil CA)
> and everything works just fine. Both IE and Netscape connect
> without incident.
>
> Next, I got a generated new keys and got a Verisign certificate.
> I installed this certificate (along with the intermediate certificate)
> and that's when things started breaking for IE only. Netscape will
> connect just fine, but IE gives that 'very informative' error screen.
>
> Here is the tail end of the log with debug turned on:
>
> [26/Jul/2000 09:55:20 27052] [debug] OpenSSL: write 67/67 bytes
> to BIO#0014D048 [mem: 001749F0] (BIO dump follows)
> +-------------------------------------------------------------
> ------------+
> | 0000: 14 03 00 00 01 01 16 03-00 00 38 7c 9b f8 cc 94
> ..........8|.... |
> | 0010: 73 0a b9 2b e8 ec 32 91-c2 88 86 52 2b d6 f3 12
> s..+..2....R+... |
> | 0020: 8c 67 0d 7a f9 c2 0c 1e-4c c8 6d 7a 95 3e 21 d9
> .g.z....L.mz.>!. |
> | 0030: 02 16 c0 7d 94 4d 47 7d-70 49 9a 4c d6 db 82 c9
> ...}.MG}pI.L.... |
> | 0040: 72 09 17 r..
> |
> +-------------------------------------------------------------
> ------------+
> [26/Jul/2000 09:55:20 27052] [trace] OpenSSL: Loop: SSLv3 flush data
> [26/Jul/2000 09:55:20 27052] [trace] Inter-Process Session Cache:
> request=SET
> status=OK
> id=460730715DA5C519241676A466979A8EC3B3813DC8A8803C81BCA4658A094BD8
> timeout=299s (session caching)
> [26/Jul/2000 09:55:20 27052] [trace] OpenSSL: Handshake: done
> [26/Jul/2000 09:55:20 27052] [info] Connection: Client IP:
> 192.168.8.109,
> Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
> [26/Jul/2000 09:55:20 27052] [debug] OpenSSL: read 0/18437 bytes from
> BIO#0014D048
> [mem: 001675C8] (BIO dump follows)
> +-------------------------------------------------------------
> ------------+
> +-------------------------------------------------------------
> ------------+
> [26/Jul/2000 09:55:20 27052] [debug] OpenSSL: write 23/23 bytes to
> BIO#0014D048
> [mem: 0016FDD8] (BIO dump follows)
> +-------------------------------------------------------------
> ------------+
> | 0000: 15 03 00 00 12 d4 c5 65-6a a4 01 3f bd 11 49 75
> .......ej..?..Iu |
> | 0010: 12 43 94 83 8f 2c a5
> .C...,. |
> +-------------------------------------------------------------
> ------------+
> [26/Jul/2000 09:55:20 27052] [trace] OpenSSL: Write: SSL negotiation
> finished
> successfully
> [26/Jul/2000 09:55:20 27052] [info] Connection to child 1 closed with
> standard
> shutdown (server 192.168.8.84:443, client 192.168.8.109)
>
> It appears that in the line above (read 0/18437 bytes from...) that IE
> shutdown the TCP/IP connection, forcing the SSL connection to
> be closed by
> the server. The question is, why does IE shutdown the connection, but
> Netscape continued on without problem?
>
> I'm going to try to sniff the TCP line to see what is
> actually happening,
> but until then, any additional insight would be helpfull.
>
> Thanks,
>
> - Bob
>
> ------------------------------------------------------
> Bob Burns Zaxus
> [EMAIL PROTECTED] 1-888-744-4976, X6510
> (local) 1-954-846-6510
> ------------------------------------------------------
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
