Hi,
I have been trying to fix the known MSIE browser issues in my configuration
with some issues still occuring.
I have read the FAQ, searched the archives, and implemented the solutions
that have been documented - but I am still getting the dreaded "The page
cannot be displayed" error when certain MSIE browsers attempt to connect to
my site. I get the infamous log entry:
[Fri Jan 18 00:55:53 2002] [error] mod_ssl: SSL handshake interrupted by
system [Hint: Stop button pressed in browser?!] (System error follows)
[Fri Jan 18 00:55:53 2002] [error] System: Connection reset by peer
(errno: 104)
Fortunately (for my sanity), I have one of non-working versions of the MSIE
browsers (5.00.2614.3500) on one of the machines in my office so I can
repeatedly create the errors.
I am determined to squash this thing but I do not know where to go next.
I have included the following information below:
* SYSTEM INFORMATION
* CONFIGURATION INFORMATION
* BROWSER VERSION INFORMATION
* CERTIFICATE STATISTICS FROM THE BROWSER
Any help or further direction would be greatly appreciated!
Sincerely,
Christopher Taranto
SYSTEM INFORMATION:
===================
I am running Red Hat 6.2 on a Pentinum III using:
* mod_ssl-2.8.5-1.3.22
* openssl-0.9.6b
* mm-1.1.3
CONFIGURATION INFORMATION:
==========================
<IfModule mod_ssl.c>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
# I have also tried dbm but there was no difference
SSLSessionCache
shm:/usr/local/apache/logs/ssl_gcache_data(512000)
SSLSessionCacheTimeout 300
SSLMutex file:logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog logs/ssl_engine_log
SSLLogLevel info
</IfModule>
<VirtualHost>
<snip>
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
BrowserMatch "MSIE [1-4]" nokeepalive \
ssl-unclean-shutdown \
downgrade-1.0 \
force-response-1.0
BrowserMatch "MSIE [5-9]" ssl-unclean-shutdown
BrowserMatch "Mozilla/4..*PC)" nokeepalive \
downgrade-1.0 \
force-response-1.0
</snip>
</VirtualHost>
BROWSER VERSION INFORMATION
===================================
MSIE 5.00.2614.3500
Cipher Strength: 40-bit
CERTIFICATE STATS FROM THE BROWSER
===================================
My certificate was generated using 1024 bits.
Version: V3
Serial Number: 5A55 3FAD EB43 6649 7F8B 39BB 1D33 6DE1
Signature Algorithm: md5RSA
Public Key: 3081 8902 8181 00BD D63A 500D 0FE0 CCA2 E7BB 804B 53DA E4CE
9F51 3D54 93A3 5D2E FC0E E3E2 7046 1EFF 6826 BB30 B8DC 4903 9A32 345F E769
31D7 D313 6ECD 62BD 2CBE C070 AFD5 C1C8 9920 7442 5E44 2AED 7878 A566 DD3A
3445 0612 919A 0B74 2F6A E806 080F C7E7 9C68 7FAC 51D3 4EA9 0BC3 ABAF 27D2
2C95 0A09 CD12 61B3 4DF2 0A88 1379 7552 5B1C D4CE 9F02 0301 0001
Basic Constraints: Subject Type=End Entity
Path Length Constraint=None
Key Usage: Digital Signature, Key Encipherment(A0)
[1]CRL Distribution Point
Distribution Point Name:
Full Name:
URL=http://crl.verisign.com/RSASecureServer.crl
[1]Certificate Policy:
PolicyIdentifier=2.16.840.1.113733.1.7.1.1
[1,1]Policy Qualifier Info:
Policy Qualifier Id=1.3.6.1.5.5.7.2.1
Qualifier=161C 6874 7470 733A 2F2F 7777 772E 7665 7269 7369 676E
2E63 6F6D 2F43 5053
[1,2]Policy Qualifier Info:
Policy Qualifier Id=1.3.6.1.5.5.7.2.2
Qualifier=3056 3015 160E 5665 7269 5369 676E 2C20 496E 632E 3003
0201 011A 3D56 6572 6953 6967 6E27 7320 4350 5320 696E 636F 7270 2E20 6279
2072 6566 6572 656E 6365 206C 6961 622E 206C 7464 2E20 2863 2939 3720 5665
7269 5369 676E
Server Authentication(1.3.6.1.5.5.7.3.1)
Client Authentication(1.3.6.1.5.5.7.3.2)
2.16.840.1.113733.1.6.15:
16 09 39 32 36 30 32 32 ..926022
34 32 37 427
Authority Information Access: [1]Authority Info Access
AccessMethod=On-line Certificate Status Protocol(1.3.6.1.5.5.7.48.1)
Alternative Name:
URL=http://ocsp.verisign.com
Thumbprint Algorithm: sha1
Thumbprint: CC1C DD7D BE05 C813 F119 813B 86E6 5717 5583 F981
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
