Shain, Do you have a public URL that I can try a browser on? I have the same in my httpd.conf file and it does not fix my problem with the IE browser that I have installed in my office.
Chris At 01:12 PM 2/6/02 -0500, you wrote: >I fixed a problem this morning by adding this line to my httpd.conf file: > >SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown >downgrade-1.0 force-response-1.0 > >Shain > > >Kuczborski, Carol L wrote: > >>Sorry, it is NOT the recommendation made in mod_ssl.... But it worked for >>me. >> >>Carol Kuczborski >>EDS - Enabling Business Solutions >>MS A6N-B47 >>13600 EDS Drive >>Herndon, VA 20171 >> >>* phone: +01-703-742-1025 (8-432) >>* mailto:[EMAIL PROTECTED] >>www.eds.com >> >> >> >>-----Original Message----- >>From: Kuczborski, Carol L Sent: Wednesday, February 06, 2002 10:09 AM >>To: '[EMAIL PROTECTED]' >>Subject: RE: Problem with IE >> >> >>Try the following setting for the IE browser in the httpd.conf file. I know >>it is the recommendation made in the mod_ssl FAQ, but it seemed to help me. >>I had the same problem you are having and researched it for months. After >>making the change to the http.conf below (and applying a patch from Oracle >>to the ApacheModuleSSL.dll file on Windows NT), it reduced the intermittent >>"Cannot find server or DNS error" and "Page cannot be displayed" messages >>received when using the IE browser. I never received these errors when >>using the Netscape browser. >> >>SetEnvIf User-Agent ".*MSIE.*" ssl-unclean-shutdown >> >>Carol Kuczborski >>EDS - Enabling Business Solutions >>MS A6N-B47 >>13600 EDS Drive >>Herndon, VA 20171 >> >>* phone: +01-703-742-1025 (8-432) >>* mailto:[EMAIL PROTECTED] >>www.eds.com >> >> >> >>-----Original Message----- >>From: Thomas Lepik [mailto:[EMAIL PROTECTED]] >>Sent: Wednesday, February 06, 2002 3:48 AM >>To: [EMAIL PROTECTED] >>Subject: Problem with IE >> >> >>Hello, >> >>I compiled apache-1.3.2+mod_ssl-2.8.6+php-4.1.1 sucessfully on RH 7.2 Linux. >> >>I created certificates, modified httpd.conf for my needs and started apache >>with ssl option. >>Things seemed to be working fine - even tested with lynx browser to see >>wheather https://localhost >>gives a connection - and it did! But when tested with M$ IE 5.0 (with high >>encryption patch >>that allows 128 bit chipher), I constantly ran into "page cannot be >>displayed" - eventhough >>I modified httpd.conf's SSL section several times as suggested here before. >>(if IE setenv xxx and, >>SSL -v3, session cache things) Any time - lynx displays the page and IE >>doesn't. >> >>Here are two samples from my ssl_engine_log. First one with lynx browser, >>second one with my >>troublesome IE. (also included server startup lines to ensure that server is >>running smoothly) >> >>server startup: >>----------------- >>06/Feb/2002 10:29:06 09923] [info] Init: Configuring server emedia.se:443 >>for SSL protocol >>[06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Creating new SSL >>context (protocols: SSLv2, SSLv3, TLSv1) >>[06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring >>permitted SSL ciphers >>[ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP] >>[06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring RSA >>server certificate >>[06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring RSA >>server private key >>[06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring >>server certificate chain (1 CA certificate) >>------------- >> >>Lynx browser: >>---------------- >>[06/Feb/2002 10:29:41 09924] [info] Connection to child 0 established >>(server emedia.se:443, client 212.107.xx.xx) >>[06/Feb/2002 10:29:41 09924] [info] Seeding PRNG with 23177 bytes of >>entropy >>[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Handshake: start >>[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: before/accept >>initialization >>[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 read client hello >>A >>[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write server hello >>A >>[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write certificate >>A >>[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write key exchange >>A >>[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write server done >>A >>[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 flush data >>[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 read client key >>exchange A >>[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 read finished A >>[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 write change >>cipher spec A >>[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 write finished A >>[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 flush data >>[06/Feb/2002 10:29:42 09924] [trace] Inter-Process Session Cache: >>request=SET status=OK >>id=6ACADD8B778A6BFFDF0E22CCC0023F4B080C297422FA989923FC36348E3FFD83 >>timeout=599s (session caching) >>[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Handshake: done >>[06/Feb/2002 10:29:42 09924] [info] Connection: Client IP: 212.107.xx.xx, >>Protocol: TLSv1, Cipher: EDH-RSA-DES-CBC3-SHA (168/168 bits) >>[06/Feb/2002 10:29:42 09924] [info] Initial (No.1) HTTPS request received >>for child 0 (server emedia.se:443) >>[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Write: SSL negotiation >>finished successfully >>[06/Feb/2002 10:29:42 09924] [info] Connection to child 0 closed with >>standard shutdown (server emedia.se:443, client 212.107.xx.xx) >>-------------- >> >>Now with IE >>--------------- >>Connection to child 1 established (server emedia.se:443, client >>212.107.xx.xx) >>[06/Feb/2002 10:32:37 09925] [info] Seeding PRNG with 23177 bytes of >>entropy >>[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Handshake: start >>[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: before/accept >>initialization >>[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 read client hello >>A >>[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write server hello >>A >>[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write certificate >>A >>[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write server done >>A >>[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 flush data >>[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 read client key >>exchange A >>[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 read finished A >>[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write change >>cipher spec A >>[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write finished A >>[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 flush data >>[06/Feb/2002 10:32:37 09925] [trace] Inter-Process Session Cache: >>request=SET st >>atus=OK id=C52B666B384B0E4DD7F0BDB6D6F8E8118E3AA5748DF993A553C4CC4E2FB86606 >>timeout=600s (session caching) >>[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Handshake: done >>[06/Feb/2002 10:32:37 09925] [info] Connection: Client IP: 212.107.xx.xx, >>Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits) >>[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Write: SSL negotiation >>finished successfully >>[06/Feb/2002 10:32:37 09925] [info] Connection to child 1 closed with >>standard shutdown (server emedia.se:443, client 212.107.xx.xx) >>---------- >> >> >>Best regards, >>Thomas. >> >>______________________________________________________________________ >>Apache Interface to OpenSSL (mod_ssl) www.modssl.org >>User Support Mailing List [EMAIL PROTECTED] >>Automated List Manager [EMAIL PROTECTED] >>______________________________________________________________________ >>Apache Interface to OpenSSL (mod_ssl) www.modssl.org >>User Support Mailing List [EMAIL PROTECTED] >>Automated List Manager [EMAIL PROTECTED] >>______________________________________________________________________ >>Apache Interface to OpenSSL (mod_ssl) www.modssl.org >>User Support Mailing List [EMAIL PROTECTED] >>Automated List Manager [EMAIL PROTECTED] > > > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
