On Thu, 7 Sep 2000, Justin Funke wrote:
> I may be making a presumptuous assumption but I am assuming there is a way
> to make all versions work. I can't ask my customers to change browsers
> before buying my product. I wonder if there is a downgrade option. I
> remember seeing that somewhere. Right now I am willing to try anything....
>
> Thanks for the help Carlos,
>
> Justin
I just had a problem with this when we deployed mod_ssl for a large
e-commerce site.. still working on a workaround. IE 4.72(?), IE5.00, AOL 4
and AOL5 had problems, while all other browsers seemed to work.
Sometimes the problem manifested itself as broken images (this was typical
of the AOL browsers); other times the generic "Server cannot be found"
message would pop up in IE.
The solution I implemented temporarily was disabling SSLv2 altogether with
the following flag:
SSLProtocol all -SSLv3
..which has resolved the issue until I can find a fix. Using the
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0
force-response-1.0
flags resolved problems we were having with IE5.5, but not any of the
other browsers.
It seems the problem may have something to do with the type of
SSLSessionCache that is running, but I haven't been able to confirm this
for sure. (Enabling 'SSLSessionCache dbm:logs/ssl_scache' on my
development server resolved the issue there, and I am waiting for a
maintence window on the primary site to give it a shot and see if it
resolves the issue altogether.) Anyone have further insight into this?
--
Nate Carlson <[EMAIL PROTECTED]> | Phone : (952)943-8700
http://www.real-time.com | Fax : (952)943-8500
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
