Hi Some of our users have the following problem: when users are submiting their order[https and POST], the app send the confirmation page but nothing is displayed on the user's browser.
First here is our stting: OS: Solaris 2.7 Web Sever: Apache 1.3.23 + mod_ssl-2.8.7-1.3.23 + openssl-0.9.6c App server: NewAtlanta ServletExec 4.1 apache vhost config: ------------------------ ... SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 ... Our logs show for 2 of the failing requests [I replaced IPs with Browser1 and Browser2]: SSL LOG: ------------ [11/Mar/2002:11:21:51 +0000] Browser1 TLSv1 RC4-MD5 "GET /main HTTP/1.1" 14514 [11/Mar/2002:15:26:29 +0000] Browser2 SSLv3 RC4-MD5 "POST /main HTTP/1.1" 23618 Apache Logs shows the folowing User Agents: ------------------------------------------------------ Browser1: Mozilla/4.0 (compatible;MSIE 6.0; AOL 7.0; Windows 98) Browser2: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) app server logs show: ------------------------- [Mon Mar 11 11:20:32 GMT 2002] Unknown certificate data: [Mon Mar 11 11:20:32 GMT 2002] ClientCert: oop init: java.util.NoSuchElementException [Mon Mar 11 11:20:32 GMT 2002] java.util.NoSuchElementException [Mon Mar 11 11:20:32 GMT 2002] at java.util.StringTokenizer.nextToken(StringTokenizer.java:235) [Mon Mar 11 11:20:32 GMT 2002] at com.newatlanta.servletexec.ClientCert.parseCert(ClientCert.java:204) .... Retrieving the client certificate data [Mon Mar 11 15:26:28 GMT 2002] java.net.SocketException: Connection reset by peer: Connection reset by peer [Mon Mar 11 15:26:28 GMT 2002] at java.net.SocketInputStream.socketRead(Native Method) [Mon Mar 11 15:26:28 GMT 2002] at java.net.SocketInputStream.read(SocketInputStream.java:90) It looks like it is not possible to get anything from the client, and the connection is broken. I am a bit confused, according to the SetEnvIf directive IE response should be HTTP/1.0, also we force the form method to POST, which has no effect. Thanks for any help. Bruno Georges ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
