On Sun, Mar 28, 1999, John Hamlik wrote:
> 1) The patch from Ralf with the modified regex of ".*MSIE.*" works to
> work around the issue.
Fine, this means it now even works for MSIE clients.
That makes me finally _very_ happy! Puhh....
> Seems like there must be a better way. hmmm. Has
> anyone reported this to Microsoft? I know it probably wouldn't do much
> good but it seems like they have a problem with a standard and we would
> still have to work around it.
The only better way is that Microsoft fixes their MSIE clients, of course.
Because their software doesn't correctly handle keep-alive connections and the
SSL close notify alerts on connection close. At least our current work-around
is the most clean work-around we can do on the server-side, of course.
> 2) Happens only with IE clients.
Yes, I know....
> 3) Must be refreshed between 16 and 59 secs with standard installation.
> 4) Must have more than one file being accessed per child process per
> refresh. A simple html page will not cause the error. A page with a
> graphic for instance will cause the error. Why??
A page with a graphic usually means that the graphic is transferred in the
kept-alive connection. The problem MSIE has really seems to be related to a
combination of the keep-alive facility of HTTP and the close notify alerts of
SSL/TLS.
> 5) When the error occurs their is nothing recorded in any of the server
> logs with debug enabled on both apache and mod_ssl.
That's interesting, because it means mod_ssl cannot see any unusual packets,
but MSIE internally reached his bugs.
> 6) If one disables keep-alives the problem doesn't exists.
Yes, as I said: The problem is a _combination_ of keep-alive and SSL close
notify alerts.
> 7) Seems like it would be easy for people to screw up and not put the
> SetEnvIf in the SSL-aware virtual host and then post the issue again.
I'll both enable the SetEnvIf per default in httpd.conf-dist with 2.2.7 and
add an entry to the mod_ssl FAQ. Thanks for the hint.
> 7) The new suite (apache,mod_ssl,openssl) passes all of my test now!
> yippie..
> 7) Ralf does a great job! Thank you.
Fine, thanks. And I've to thank you all for discovering the MSIE bug and
helping me in finding a final work-around, of course.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
