RE: MSIE POST problem
Yes, using the dmb version... --pete -Original Message- From: David Rees [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 24, 2001 6:55 PM To: '[EMAIL PROTECTED]' Subject: Re: MSIE POST problem On Wed, Oct 24, 2001 at 05:38:40PM -0700, Peter Morelli wrote: Sorry, I have the same situation after using those config lines. I had seen them on the mailing list before, but just to be sure I've just retested them. No change. Same symptoms and solutions... And you do have a ssl session cache defined? -Dave __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: MSIE POST problem
try the shm version, eg: SSLSessionCacheshm:/var/run/ssl_scache(512000) Seems to work better for everyone. - John Airey Internet systems support officer, ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] -Original Message- From: Peter Morelli [mailto:[EMAIL PROTECTED]] Sent: 25 October 2001 16:37 To: '[EMAIL PROTECTED]' Subject: RE: MSIE POST problem Yes, using the dmb version... --pete -Original Message- From: David Rees [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 24, 2001 6:55 PM To: '[EMAIL PROTECTED]' Subject: Re: MSIE POST problem On Wed, Oct 24, 2001 at 05:38:40PM -0700, Peter Morelli wrote: Sorry, I have the same situation after using those config lines. I had seen them on the mailing list before, but just to be sure I've just retested them. No change. Same symptoms and solutions... And you do have a ssl session cache defined? -Dave __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: MSIE POST problem
I changed to shm from dbm, but it doesn't seem to solve my problem. The thing I don't understand is why unselecting show friendly http error pages somehow lets the form post be downgraded. Does apache use some sort of redirect header to downgrade the request, and MSIE interprets that header as an error? --peter -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 25, 2001 9:08 AM To: [EMAIL PROTECTED] Subject: RE: MSIE POST problem try the shm version, eg: SSLSessionCacheshm:/var/run/ssl_scache(512000) Seems to work better for everyone. - John Airey Internet systems support officer, ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] -Original Message- From: Peter Morelli [mailto:[EMAIL PROTECTED]] Sent: 25 October 2001 16:37 To: '[EMAIL PROTECTED]' Subject: RE: MSIE POST problem Yes, using the dbm version... --pete -Original Message- From: David Rees [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 24, 2001 6:55 PM To: '[EMAIL PROTECTED]' Subject: Re: MSIE POST problem On Wed, Oct 24, 2001 at 05:38:40PM -0700, Peter Morelli wrote: Sorry, I have the same situation after using those config lines. I had seen them on the mailing list before, but just to be sure I've just retested them. No change. Same symptoms and solutions... And you do have a ssl session cache defined? -Dave __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: MSIE POST problem
I've done a little more testing, and it seems like turning OFF the Show friendly http error pages option in MSIE allows apache/mod_ssl to downgrade the connection to HTTP/1.0 correctly. Turning it back on again leads to a situation where it is NOT downgraded, and you get the server not found page. Again, this is only for file uploads. --pete -Original Message- From: Peter Morelli Sent: Wednesday, October 24, 2001 11:59 AM To: '[EMAIL PROTECTED]' Subject: MSIE POST problem I'm having quite a perplexing problem, and I was hoping someone could give me a hint here on this list. First, my environment: - Solaris 2.6 - Apache 1.3.20 - modssl 2.8.4 - openssl 0.9.6b - Weblogic 5.1 - MSIE 5.5 sp1 I'm using apache to frontend WebLogic through a BEA provided module. My problem: It seems similar to some of the archived posts on this list as well as a section of the FAQ, as it is the Server not found error from MSIE. I start out with a form retrieved over regular HTTP, and post a file upload to a HTTPS URL. However, even after enabling the various fixes (SetEnvIf to downgrade, etc) detailed in the FAQ and past posts, it still doesn't work. I invariably get a server not found page. However, if I go to IE's Tools-Internet Options-Advanced and uncheck Show friendly HTTP error messages, everything seems to work fine. Very weird. The error posts never even show up in my apache or weblogic logs, though after I turned the modssl log up to debug I can see some activity, and snoop picks up the packets between machines. Some other variables: - I use self generated certificates, which generate an accept certificate box in IE when it does work - Non-standard ports: 8110 for http, 8115 for https, in a Virtual hosts. The SetEnvIf downgrade is out in the main server config. - When I do standard form posts (just fields) this problem rarely crops up, if ever. - From the modssl debug logs, it looks like the multi-part form request (file upload) establishes a regular ssl connection, which closes with a standard shutdown, while a regular post does downgrade and uses an unclean shutdown... I have tried MANY different configurations, and I can't seem to get it to work. Any help would be greatly appreciated, as I'd rather not go back to serving http with weblogic (which doesn't seem to have a problem with IE). --peter __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: MSIE POST problem
On Wed, Oct 24, 2001 at 03:47:11PM -0700, Peter Morelli wrote: I've done a little more testing, and it seems like turning OFF the Show friendly http error pages option in MSIE allows apache/mod_ssl to downgrade the connection to HTTP/1.0 correctly. Turning it back on again leads to a situation where it is NOT downgraded, and you get the server not found page. Again, this is only for file uploads. It seems that recent versions (5.x+) of MSIE don't like being downgrade to HTTP/1.0. Try this config in place of your current SetEnvIf or BrowserMatch directive: BrowserMatch MSIE [1-4] nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 BrowserMatch MSIE [5-9] ssl-unclean-shutdown You may be able to get away without having the second line entirely, but I haven't tested it myself. Let us know how it works out. -Dave __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: MSIE POST problem
Sorry, I have the same situation after using those config lines. I had seen them on the mailing list before, but just to be sure I've just retested them. No change. Same symptoms and solutions... --pete -Original Message- From: David Rees [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 24, 2001 5:03 PM To: '[EMAIL PROTECTED]' Subject: Re: MSIE POST problem On Wed, Oct 24, 2001 at 03:47:11PM -0700, Peter Morelli wrote: I've done a little more testing, and it seems like turning OFF the Show friendly http error pages option in MSIE allows apache/mod_ssl to downgrade the connection to HTTP/1.0 correctly. Turning it back on again leads to a situation where it is NOT downgraded, and you get the server not found page. Again, this is only for file uploads. It seems that recent versions (5.x+) of MSIE don't like being downgrade to HTTP/1.0. Try this config in place of your current SetEnvIf or BrowserMatch directive: BrowserMatch MSIE [1-4] nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 BrowserMatch MSIE [5-9] ssl-unclean-shutdown You may be able to get away without having the second line entirely, but I haven't tested it myself. Let us know how it works out. -Dave __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: MSIE POST problem
On Wed, Oct 24, 2001 at 05:38:40PM -0700, Peter Morelli wrote: Sorry, I have the same situation after using those config lines. I had seen them on the mailing list before, but just to be sure I've just retested them. No change. Same symptoms and solutions... And you do have a ssl session cache defined? -Dave __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]