That is the suggestion in the mod_ssl FAQ, but it did not work for me. I had to remove the forcing of http 1.0 and nokeepalive.
Carol Kuczborski EDS - Enabling Business Solutions MS A6N-B47 13600 EDS Drive Herndon, VA 20171 * phone: +01-703-742-1025 (8-432) * mailto:[EMAIL PROTECTED] www.eds.com -----Original Message----- From: Shain Miley [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 06, 2002 1:13 PM To: [EMAIL PROTECTED] Subject: Re: Problem with IE I fixed a problem this morning by adding this line to my httpd.conf file: SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 Shain Kuczborski, Carol L wrote: >Sorry, it is NOT the recommendation made in mod_ssl.... But it worked for >me. > >Carol Kuczborski >EDS - Enabling Business Solutions >MS A6N-B47 >13600 EDS Drive >Herndon, VA 20171 > >* phone: +01-703-742-1025 (8-432) >* mailto:[EMAIL PROTECTED] >www.eds.com > > > >-----Original Message----- >From: Kuczborski, Carol L >Sent: Wednesday, February 06, 2002 10:09 AM >To: '[EMAIL PROTECTED]' >Subject: RE: Problem with IE > > >Try the following setting for the IE browser in the httpd.conf file. I know >it is the recommendation made in the mod_ssl FAQ, but it seemed to help me. >I had the same problem you are having and researched it for months. After >making the change to the http.conf below (and applying a patch from Oracle >to the ApacheModuleSSL.dll file on Windows NT), it reduced the intermittent >"Cannot find server or DNS error" and "Page cannot be displayed" messages >received when using the IE browser. I never received these errors when >using the Netscape browser. > >SetEnvIf User-Agent ".*MSIE.*" ssl-unclean-shutdown > >Carol Kuczborski >EDS - Enabling Business Solutions >MS A6N-B47 >13600 EDS Drive >Herndon, VA 20171 > >* phone: +01-703-742-1025 (8-432) >* mailto:[EMAIL PROTECTED] >www.eds.com > > > >-----Original Message----- >From: Thomas Lepik [mailto:[EMAIL PROTECTED]] >Sent: Wednesday, February 06, 2002 3:48 AM >To: [EMAIL PROTECTED] >Subject: Problem with IE > > >Hello, > >I compiled apache-1.3.2+mod_ssl-2.8.6+php-4.1.1 sucessfully on RH 7.2 Linux. > >I created certificates, modified httpd.conf for my needs and started apache >with ssl option. >Things seemed to be working fine - even tested with lynx browser to see >wheather https://localhost >gives a connection - and it did! But when tested with M$ IE 5.0 (with high >encryption patch >that allows 128 bit chipher), I constantly ran into "page cannot be >displayed" - eventhough >I modified httpd.conf's SSL section several times as suggested here before. >(if IE setenv xxx and, >SSL -v3, session cache things) Any time - lynx displays the page and IE >doesn't. > >Here are two samples from my ssl_engine_log. First one with lynx browser, >second one with my >troublesome IE. (also included server startup lines to ensure that server is >running smoothly) > >server startup: >----------------- >06/Feb/2002 10:29:06 09923] [info] Init: Configuring server emedia.se:443 >for SSL protocol >[06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Creating new SSL >context (protocols: SSLv2, SSLv3, TLSv1) >[06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring >permitted SSL ciphers >[ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP] >[06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring RSA >server certificate >[06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring RSA >server private key >[06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring >server certificate chain (1 CA certificate) >------------- > >Lynx browser: >---------------- >[06/Feb/2002 10:29:41 09924] [info] Connection to child 0 established >(server emedia.se:443, client 212.107.xx.xx) >[06/Feb/2002 10:29:41 09924] [info] Seeding PRNG with 23177 bytes of >entropy >[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Handshake: start >[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: before/accept >initialization >[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 read client hello >A >[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write server hello >A >[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write certificate >A >[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write key exchange >A >[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write server done >A >[06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 flush data >[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 read client key >exchange A >[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 read finished A >[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 write change >cipher spec A >[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 write finished A >[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 flush data >[06/Feb/2002 10:29:42 09924] [trace] Inter-Process Session Cache: >request=SET status=OK >id=6ACADD8B778A6BFFDF0E22CCC0023F4B080C297422FA989923FC36348E3FFD83 >timeout=599s (session caching) >[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Handshake: done >[06/Feb/2002 10:29:42 09924] [info] Connection: Client IP: 212.107.xx.xx, >Protocol: TLSv1, Cipher: EDH-RSA-DES-CBC3-SHA (168/168 bits) >[06/Feb/2002 10:29:42 09924] [info] Initial (No.1) HTTPS request received >for child 0 (server emedia.se:443) >[06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Write: SSL negotiation >finished successfully >[06/Feb/2002 10:29:42 09924] [info] Connection to child 0 closed with >standard shutdown (server emedia.se:443, client 212.107.xx.xx) >-------------- > >Now with IE >--------------- >Connection to child 1 established (server emedia.se:443, client >212.107.xx.xx) >[06/Feb/2002 10:32:37 09925] [info] Seeding PRNG with 23177 bytes of >entropy >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Handshake: start >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: before/accept >initialization >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 read client hello >A >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write server hello >A >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write certificate >A >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write server done >A >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 flush data >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 read client key >exchange A >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 read finished A >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write change >cipher spec A >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write finished A >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 flush data >[06/Feb/2002 10:32:37 09925] [trace] Inter-Process Session Cache: >request=SET st >atus=OK id=C52B666B384B0E4DD7F0BDB6D6F8E8118E3AA5748DF993A553C4CC4E2FB86606 >timeout=600s (session caching) >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Handshake: done >[06/Feb/2002 10:32:37 09925] [info] Connection: Client IP: 212.107.xx.xx, >Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits) >[06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Write: SSL negotiation >finished successfully >[06/Feb/2002 10:32:37 09925] [info] Connection to child 1 closed with >standard shutdown (server emedia.se:443, client 212.107.xx.xx) >---------- > > >Best regards, >Thomas. > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager [EMAIL PROTECTED] >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager [EMAIL PROTECTED] >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
