Re: Practical solution for MSIE problems!?
On Mon, Mar 29, 1999, John Hamlik wrote: So which is better, SetEnvif or BrowserMatch per Toru Takinaka? I prefer the canonical SetEnvIf, because BrowserMatch is historically and is internally mapped to "SetEnvIf User-Agent" by mod_setenvif and mainly provided for backward compatibility reasons. But the results are the same, of course. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Practical solution for MSIE problems!?
On Sun, Mar 28, 1999, John Hamlik wrote: The problem still exists on https://en4.engelschall.com/manual/mod/mod_ssl hmmm... I am checking further, will post more shortly. Oh shit, my fault: MSIE actually comes in with a User-Agent of "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)", so the regex has to be ".*MSIE.*" and not "^MSIE.*". Fixed on en4.engelschall.com. Please try again. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Practical solution for MSIE problems!?
it seems ok for me! nt4/sp3, IE4 (4.72.2106.8) ip 195.230.1.157, [29/Mar/1999:08:59:48 +0200] in your access log -- Dimitar Stoikov. Primasoft Ltd, Internet Dept. Take hold of OpenBSD - http://www.OpenBSD.org __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: Practical solution for MSIE problems!?
This is what I know: 1) The patch from Ralf with the modified regex of ".*MSIE.*" works to work around the issue. Seems like there must be a better way. hmmm. Has anyone reported this to Microsoft? I know it probably wouldn't do much good but it seems like they have a problem with a standard and we would still have to work around it. 2) Happens only with IE clients. 3) Must be refreshed between 16 and 59 secs with standard installation. 4) Must have more than one file being accessed per child process per refresh. A simple html page will not cause the error. A page with a graphic for instance will cause the error. Why?? 5) When the error occurs their is nothing recorded in any of the server logs with debug enabled on both apache and mod_ssl. 6) If one disables keep-alives the problem doesn't exists. 7) Seems like it would be easy for people to screw up and not put the SetEnvIf in the SSL-aware virtual host and then post the issue again. 7) The new suite (apache,mod_ssl,openssl) passes all of my test now! yippie.. 7) Ralf does a great job! Thank you. John __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Practical solution for MSIE problems!?
So, those of you who've still problems with MSIE clients, should now apply the appended patch to ssl_engine_kernel.c and add the following line to the SSL-aware virtual host: SetEnvIf User-Agent "^MSIE.*" ssl-unclean-shutdown I think that this line is wrong. IE 5.0 User-Agent is Mozilla/4.0 (compatible; MSIE 5.0; Windows NT) then it matches SetEnvIf User-Agent "^.*MSIE.*" ssl-unclean-shutdown or BrowserMatch "MSIE" ssl-unclean-shutdown I added the following line to the SSL-aware virtual host: BrowserMatch "MSIE" ssl-unclean-shutdown And it works fine. __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Practical solution for MSIE problems!?
On Mon, Mar 29, 1999, Toru Takinaka wrote: So, those of you who've still problems with MSIE clients, should now apply the appended patch to ssl_engine_kernel.c and add the following line to the SSL-aware virtual host: SetEnvIf User-Agent "^MSIE.*" ssl-unclean-shutdown I think that this line is wrong. IE 5.0 User-Agent is Mozilla/4.0 (compatible; MSIE 5.0; Windows NT) then it matches SetEnvIf User-Agent "^.*MSIE.*" ssl-unclean-shutdown or BrowserMatch "MSIE" ssl-unclean-shutdown I added the following line to the SSL-aware virtual host: BrowserMatch "MSIE" ssl-unclean-shutdown And it works fine. Yeah, sorry. This was my fault. I've overlooked the fact that MSIE announces itself as Mozilla. It's now already fixed for 2.2.7 where the SetEnvIf is enabled per default. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Practical solution for MSIE problems!?
On Mon, Mar 29, 1999, Dimitar Stoikov wrote: it seems ok for me! nt4/sp3, IE4 (4.72.2106.8) ip 195.230.1.157, [29/Mar/1999:08:59:48 +0200] in your access log Pu.. what a happy start for a week ;-) You cannot image how much trouble the MSIE issue caused me... Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Practical solution for MSIE problems!?
On Sun, Mar 28, 1999, John Hamlik wrote: 1) The patch from Ralf with the modified regex of ".*MSIE.*" works to work around the issue. Fine, this means it now even works for MSIE clients. That makes me finally _very_ happy! Puhh Seems like there must be a better way. hmmm. Has anyone reported this to Microsoft? I know it probably wouldn't do much good but it seems like they have a problem with a standard and we would still have to work around it. The only better way is that Microsoft fixes their MSIE clients, of course. Because their software doesn't correctly handle keep-alive connections and the SSL close notify alerts on connection close. At least our current work-around is the most clean work-around we can do on the server-side, of course. 2) Happens only with IE clients. Yes, I know 3) Must be refreshed between 16 and 59 secs with standard installation. 4) Must have more than one file being accessed per child process per refresh. A simple html page will not cause the error. A page with a graphic for instance will cause the error. Why?? A page with a graphic usually means that the graphic is transferred in the kept-alive connection. The problem MSIE has really seems to be related to a combination of the keep-alive facility of HTTP and the close notify alerts of SSL/TLS. 5) When the error occurs their is nothing recorded in any of the server logs with debug enabled on both apache and mod_ssl. That's interesting, because it means mod_ssl cannot see any unusual packets, but MSIE internally reached his bugs. 6) If one disables keep-alives the problem doesn't exists. Yes, as I said: The problem is a _combination_ of keep-alive and SSL close notify alerts. 7) Seems like it would be easy for people to screw up and not put the SetEnvIf in the SSL-aware virtual host and then post the issue again. I'll both enable the SetEnvIf per default in httpd.conf-dist with 2.2.7 and add an entry to the mod_ssl FAQ. Thanks for the hint. 7) The new suite (apache,mod_ssl,openssl) passes all of my test now! yippie.. 7) Ralf does a great job! Thank you. Fine, thanks. And I've to thank you all for discovering the MSIE bug and helping me in finding a final work-around, of course. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Practical solution for MSIE problems!?
In which versions of MSIE did this occur? I was thinking of a more specific regexp so that not *all* M$IE users trigger the unclean ssl shutdown behaviour... /magnus __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: Practical solution for MSIE problems!?
Having read all the technical stuff about this problem could we run a test with out the patch but killing keepalives for MSIE. I seem to remember problems with MSIE and this before. ___ John Imrie, Internet Technical Specialist [EMAIL PROTECTED] +44 (0)1732 520136 http://www.charitynet.org * CAF - working for charities and donors * Registered Charity No. 268369 __ -Original Message- From: John Hamlik [SMTP:[EMAIL PROTECTED]] Sent: Monday, March 29, 1999 8:28 AM To: '[EMAIL PROTECTED]' Subject: RE: Practical solution for MSIE problems!? This is what I know: 1) The patch from Ralf with the modified regex of ".*MSIE.*" works to work around the issue. Seems like there must be a better way. hmmm. Has anyone reported this to Microsoft? I know it probably wouldn't do much good but it seems like they have a problem with a standard and we would still have to work around it. 2) Happens only with IE clients. 3) Must be refreshed between 16 and 59 secs with standard installation. 4) Must have more than one file being accessed per child process per refresh. A simple html page will not cause the error. A page with a graphic for instance will cause the error. Why?? 5) When the error occurs their is nothing recorded in any of the server logs with debug enabled on both apache and mod_ssl. 6) If one disables keep-alives the problem doesn't exists. 7) Seems like it would be easy for people to screw up and not put the SetEnvIf in the SSL-aware virtual host and then post the issue again. 7) The new suite (apache,mod_ssl,openssl) passes all of my test now! yippie.. 7) Ralf does a great job! Thank you. John __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Practical solution for MSIE problems!?
On Mon, Mar 29, 1999, Magnus Stenman wrote: In which versions of MSIE did this occur? Actually on MSIE version 3, 4 and 5. Look at the inital summary posting from me. There the client versions are listed. I was thinking of a more specific regexp so that not *all* M$IE users trigger the unclean ssl shutdown behaviour... Yes, I've thought about this, too. But I've finally decided that it's more safe to force the unclean shutdown for _all_ MSIE clients until the first version occurs on the net which always works. People can use more specific regex when they want, but for the default config I think it's best and safe to use ".*MSIE.*"... Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Practical solution for MSIE problems!?
On Mon, Mar 29, 1999, John Imrie wrote: Having read all the technical stuff about this problem could we run a test with out the patch but killing keepalives for MSIE. I seem to remember problems with MSIE and this before. Ok, I've now changed the config on en4.engelschall.com to just ``SetEnvIf User-Agent ".*MSIE.*" nokeepalive'' and disabled the ssl-unclean-shutdown SetEnvIf. Try it out when you want and give us feedback. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: Practical solution for MSIE problems!?
One other thing to remember is this is only for https sessions. This problem does not exists for http sessions. So whichever you choose should be for https only. John -Original Message- From: John Imrie [mailto:[EMAIL PROTECTED]] Sent: Monday, March 29, 1999 5:27 AM To: '[EMAIL PROTECTED]' Subject: RE: Practical solution for MSIE problems!? MSIE 5.0 (Win 95) No problems MSIE 4.0 (Win 95) No problems ___ John Imrie, Internet Technical Specialist [EMAIL PROTECTED] +44 (0)1732 520136 http://www.charitynet.org * CAF - working for charities and donors * Registered Charity No. 268369 __ -Original Message- From: Ralf S. Engelschall [SMTP:[EMAIL PROTECTED]] Sent: Monday, March 29, 1999 11:08 AM To: [EMAIL PROTECTED] Subject:Re: Practical solution for MSIE problems!? On Mon, Mar 29, 1999, John Imrie wrote: Having read all the technical stuff about this problem could we run a test with out the patch but killing keepalives for MSIE. I seem to remember problems with MSIE and this before. Ok, I've now changed the config on en4.engelschall.com to just ``SetEnvIf User-Agent ".*MSIE.*" nokeepalive'' and disabled the ssl-unclean-shutdown SetEnvIf. Try it out when you want and give us feedback. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: Practical solution for MSIE problems!?
The problem still exists on https://en4.engelschall.com/manual/mod/mod_ssl hmmm... I am checking further, will post more shortly. John I've already applied the patch and the above two directives to the server on en4.engelschall.com, so for a quick test, those who still had problems there can now again connect to https://en4.engelschall.com/ with the MSIE clients and try again. I really hope the problems are now gone. When not, I've no more clue what we can do... Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
