I reported this same issue in the Apache mod_ssl Bug DB over 6 months ago, but received no response. I eventually worked with Oracle Worldwide Support (which packages Apache and mod_ssl with it's Oracle9i Application Server) in regards to the errors. The "Cannot find server or DNS error" along with "Page cannot be displayed" errors were not completely eliminated, but greatly reduced. Everything worked fine with Netscape, but not IE. Here was our workable resolution:
I did not completely eliminate the errors, but reduced them quite significantly by making the following changes: 1. Modified httpd.conf as follows (to remove the "nokeepalive" directive): SetEnvIf User-Agent ".*MSIE.*" ssl-unclean-shutdown 2. Oracle Worldwide Support patched the ApacheModuleSSL.dll file. The patch to ApacheModuleSSL.dll implements a workaround in the code for reading from a socket for WIN32. According to the details for the ApacheModuleSSL.dll patch, there was mention of a bug in the "select" function in Windows NT 4.0: "When checking a socket, if data can be read without blocking, select () returns yes, but when actually reading from the socket with recv(), that function returns WSAEWOULDBLOCK, which says that reading would block. It seems that this problem does not occur in usual operation, but only in an SSL enabled Apache (modssl or apache-ssl) with https. The code for WIN32, which handles writing to a socket, already contains a workaround for this. The code for reading from a socket did not have a workaround." Basically, they added a retry loop so that if a read from the socket failed, it tried the read again. Carol Kuczborski EDS - Enabling Business Solutions MS A6N-B47 13600 EDS Drive Herndon, VA 20171 * phone: +01-703-742-1025 (8-432) * mailto:[EMAIL PROTECTED] www.eds.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 31, 2002 9:42 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [BugDB] IE Problems connecting to mod_ssl server Linux (PR#663) Full_Name: Version: OS: Submission from: (NULL) (80.132.185.116) I'm having some very weird problems getting some IE clients to connect to a mod_ssl-enabled apache install, and I'm hoping someone has some insight on this beyond what's in the FAQ. The environment is as follows: Webserver version: [ Apache/1.3.20 (Linux/SuSE 7.3) PHP/4.0.6 mod_ssl/2.8.4 OpenSSL/0.9.6b ] I have a 128-bit selfmade cert installed. I have the complete FAQ fixes in (they were already there, actually) as far as an SSL session cache and the 56-bit export proto being turned off. Clients are Win2K ,Win98 with various patched IE 5.5 and Linux with Mozilla and Konqueror. In the case of IE, we have checked all protocols for SSL-Support. Here's a rough breakdown of what works and what doesn't: Linux / Mozilla /Konqueror: always works fine Win2K / IE 5.x: doen't work Win2K / NS 6.x: doen't work ("doesn't work" means that IE spits out that crappy "Cannot finds server or DNS error") I also added in the http.conf SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:!NULL But nothing works!! Please help me or i will hang me up soon. *s* ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
