>-----Original Message----- >From: Andreas Gietl [mailto:[EMAIL PROTECTED]] >Sent: 23 January 2002 18:13 >To: [EMAIL PROTECTED] >Subject: strange problem with unclean shutdown > > >hi, > >i've got a really really strange problem with mod_ssl >2.8.5-1.3.22 on Apache >1.3.22 with openssl 0.9.6c. > >As we all know MSIE needs the unclean-shutdown to sucessfully >work with >mod_ssl. This is why we add the SetEnvIf for this Browser. >(full vhost-config >see below). The strange thing is that this for some reason >seems not to match >IE 5.01 and 5.5. >This are the user-agent for these browsers: > >Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; DT) >Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; DT) > >Versions > 6 worked. Others not tested. > >The certificate is issued let's say for www.defaulthost.de. >And not it is >really getting unbelievable: >if i connect to defaulhost.de it's doing the unclean-shutdown and to >www.defaulhost.de it is doing a standard-shutdown, which does not work. >Connecting to www.defaulhost.de does give the ie >standard-error-page. There's >no HTTP-Request in the access_log, just in the SSLLog an entry that it >connected and quited with standard shutdown. > >Any ideas? > >Andreas > >Here's the config: > ># ># Global SSL ># > >AddType application/x-x509-ca-cert .cer >AddType application/x-pkcs7-crl .crl > >#SSLPassPhraseDialog builtin >SSLSessionCache dbm:/tmp/ssl_scache >SSLSessionCacheTimeout 100 >#SSLMutex file:domlogs/ssl_mutex >#SSLRandomSeed startup builtin >#SSLRandomSeed connect builtin > >#SSLLog domlogs/ssl_engine_log >#SSLLogLevel debug > ># SSL - Virtual-Host > ><VirtualHost XXXXXXX:443> >ServerName www.defaulthost.de >ServerAdmin [EMAIL PROTECTED] >DocumentRoot /home/defaulthost/public_html > >SSLEngine on > >SSLCipherSuite >ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL > >ErrorLog domlogs/defaulthost.errors.https >CustomLog domlogs/defaulthost.de.ssl combined >SetEnvIf User-Agent "MSIE" nokeepalive ssl-unclean-shutdown >downgrade-1.0 >force-response-1.0 > >CustomLog domlogs/defaulthost.de.ssl_request_log \ > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" > >SSLCertificateFile /usr/local/apache/conf/cert/www.defaulthost.de.cer >SSLCertificateKeyFile >/usr/local/apache/conf/cert/www.defaulthost.de.key >ScriptAlias /cgi-bin/ /home/defaulhost/public_html/cgi-bin/ ></VirtualHost> > I notice that you are using the dbm ssl session cache. What happens if you try the shm ssl session cache? Some people have reported that things start working after using shm.
- John Airey Internet systems support officer, ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] Agnostic (Greek) = Ignoramus (Latin) - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
