IE6 & SSL problems
OK, I know the IE/SSL issue has been discussed in the past. I've read as many posts and FAQs on the issue as I can. All of the fixes that I've found are implemented in my configuration (in fact, was done so automatically at server build time). All of my users run IE 5.5, 5.5sp2, 6, or 6sp1 as they are all Windows 2000. When attempting to access the secure area on my webserver, they recieve a 'page cannot be displayed' error. Upon refresh, 70% of the page will properly appear. Another refresh and the rest may appear OR the error will come up again. Another refresh and the same thing OR it will come up fine. It's a vicious cycle, I tell ya! I have been able to confirm the error on both Win98 & Win2k using IE6 and 6sp1. I do get this error in the log files from time to time: [Wed Sep 11 10:27:48 2002] [error] mod_ssl: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows) But, more often (in fact, on any IE access), I see this in my logs: [Tue Sep 24 00:30:00 2002] [notice] child pid 3713 exit signal Segmentation fault (11) [Tue Sep 24 00:30:03 2002] [notice] child pid 4234 exit signal Segmentation fault (11) [Tue Sep 24 00:30:08 2002] [notice] child pid 3711 exit signal Segmentation fault (11) Upon a SIGHUP of apache, IE will work beautifully for, maybe, 3 minutes, then the errors start all over again. Sigh. Of course, no problem with Netscape or Mozilla on Windows or UNIX. Server config is as follows: Red Hat 6.2, Apache 1.3.26, PHP 4.12, mod_ssl 2.8.10, OpenSSL 0.9.5a. Certificate is self-signed test cert. Snips from http.conf: SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache SSLSessionCacheTimeout 300 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 Any other pointers would be GREATLY appreciated. :) __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: IE6 & SSL problems
Quoting Harald Koch <[EMAIL PROTECTED]>: > > All of my users run IE 5.5, 5.5sp2, 6, or 6sp1 as they are all Windows > 2000. > > When attempting to access the secure area on my webserver, they recieve a > 'page > > cannot be displayed' error. Upon refresh, 70% of the page will properly > appear. > > Another refresh and the rest may appear OR the error will come up again. > > > Another refresh and the same thing OR it will come up fine. > > Cool. I've never seen this one, and I use IE (various versions) to > access apache (various versions, various OSes) zillions of pages on my > servers everyday. Yeah, kinda nifty, eh? ;) > > > [Tue Sep 24 00:30:00 2002] [notice] child pid 3713 exit signal > Segmentation > > fault (11) > > [Tue Sep 24 00:30:03 2002] [notice] child pid 4234 exit signal > Segmentation > > fault (11) > > [Tue Sep 24 00:30:08 2002] [notice] child pid 3711 exit signal > Segmentation > > fault (11) > > This is a bad sign... have you got any unusual modules loaded? I know of > one vendor that has an Apache module that conflicts with libssl if they > are loaded the right way. No unusual modules loaded. httpd -l output is: Compiled-in modules: http_core.c mod_env.c mod_log_config.c mod_mime.c mod_negotiation.c mod_status.c mod_include.c mod_autoindex.c mod_dir.c mod_cgi.c mod_asis.c mod_imap.c mod_actions.c mod_userdir.c mod_alias.c mod_rewrite.c mod_access.c mod_auth.c mod_so.c mod_setenvif.c mod_ssl.c suexec: disabled; invalid wrapper /usr/local/apache/bin/suexec > > > Server config is as follows: > > > > Red Hat 6.2, Apache 1.3.26, PHP 4.12, mod_ssl 2.8.10, OpenSSL 0.9.5a. > > 0.9.5a is ancient... It looks like you're building apache and mod_ssl > from source; I'd build openssl (0.9.6g) from source too and use that > instead of the RH6.2 distributed openssl libraries. Yeah, and with finally catching up on my bugtraq last night, I've read more into the OpenSSL funnies that have been happening lately. Will update the OpenSSL and rebuild everything tonight. Thanks for the tips Shawn > > -- > Harald Koch <[EMAIL PROTECTED]> > > "It takes a child to raze a village." > -Michael T. Fry > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] > > __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
