IE6 SSL problems
OK, I know the IE/SSL issue has been discussed in the past. I've read as many posts and FAQs on the issue as I can. All of the fixes that I've found are implemented in my configuration (in fact, was done so automatically at server build time). All of my users run IE 5.5, 5.5sp2, 6, or 6sp1 as they are all Windows 2000. When attempting to access the secure area on my webserver, they recieve a 'page cannot be displayed' error. Upon refresh, 70% of the page will properly appear. Another refresh and the rest may appear OR the error will come up again. Another refresh and the same thing OR it will come up fine. It's a vicious cycle, I tell ya! I have been able to confirm the error on both Win98 Win2k using IE6 and 6sp1. I do get this error in the log files from time to time: [Wed Sep 11 10:27:48 2002] [error] mod_ssl: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows) But, more often (in fact, on any IE access), I see this in my logs: [Tue Sep 24 00:30:00 2002] [notice] child pid 3713 exit signal Segmentation fault (11) [Tue Sep 24 00:30:03 2002] [notice] child pid 4234 exit signal Segmentation fault (11) [Tue Sep 24 00:30:08 2002] [notice] child pid 3711 exit signal Segmentation fault (11) Upon a SIGHUP of apache, IE will work beautifully for, maybe, 3 minutes, then the errors start all over again. Sigh. Of course, no problem with Netscape or Mozilla on Windows or UNIX. Server config is as follows: Red Hat 6.2, Apache 1.3.26, PHP 4.12, mod_ssl 2.8.10, OpenSSL 0.9.5a. Certificate is self-signed test cert. Snips from http.conf: SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache SSLSessionCacheTimeout 300 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SetEnvIf User-Agent .*MSIE.* \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 Any other pointers would be GREATLY appreciated. :) __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: IE6 SSL problems
All of my users run IE 5.5, 5.5sp2, 6, or 6sp1 as they are all Windows 2000. When attempting to access the secure area on my webserver, they recieve a 'page cannot be displayed' error. Upon refresh, 70% of the page will properly appear. Another refresh and the rest may appear OR the error will come up again. Another refresh and the same thing OR it will come up fine. Cool. I've never seen this one, and I use IE (various versions) to access apache (various versions, various OSes) zillions of pages on my servers everyday. [Tue Sep 24 00:30:00 2002] [notice] child pid 3713 exit signal Segmentation fault (11) [Tue Sep 24 00:30:03 2002] [notice] child pid 4234 exit signal Segmentation fault (11) [Tue Sep 24 00:30:08 2002] [notice] child pid 3711 exit signal Segmentation fault (11) This is a bad sign... have you got any unusual modules loaded? I know of one vendor that has an Apache module that conflicts with libssl if they are loaded the right way. Server config is as follows: Red Hat 6.2, Apache 1.3.26, PHP 4.12, mod_ssl 2.8.10, OpenSSL 0.9.5a. 0.9.5a is ancient... It looks like you're building apache and mod_ssl from source; I'd build openssl (0.9.6g) from source too and use that instead of the RH6.2 distributed openssl libraries. -- Harald Koch [EMAIL PROTECTED] It takes a child to raze a village. -Michael T. Fry __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: IE6 SSL problems
Due to unaviodable circumstances, I am away from the office until the Monday 30th September 2002 I will get back to you as soon as i can on my return. If it's an urgent Online Learning Support Unit / Web/ MUBSWEB/ MUBS Online matter that requires urgent attention then please contact either Kirsteen1, Sanjay1 or Jeff1 who should be able to help. If the problem relates to mubsweb please contact sanjay1 If the probelm relates to OASIS or WebCT please contact Kirsteen1 If your query relates to mbs or it support please contact Jeff1 All the best Alex __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: IE6 SSL problems
Quoting Harald Koch [EMAIL PROTECTED]: All of my users run IE 5.5, 5.5sp2, 6, or 6sp1 as they are all Windows 2000. When attempting to access the secure area on my webserver, they recieve a 'page cannot be displayed' error. Upon refresh, 70% of the page will properly appear. Another refresh and the rest may appear OR the error will come up again. Another refresh and the same thing OR it will come up fine. Cool. I've never seen this one, and I use IE (various versions) to access apache (various versions, various OSes) zillions of pages on my servers everyday. Yeah, kinda nifty, eh? ;) [Tue Sep 24 00:30:00 2002] [notice] child pid 3713 exit signal Segmentation fault (11) [Tue Sep 24 00:30:03 2002] [notice] child pid 4234 exit signal Segmentation fault (11) [Tue Sep 24 00:30:08 2002] [notice] child pid 3711 exit signal Segmentation fault (11) This is a bad sign... have you got any unusual modules loaded? I know of one vendor that has an Apache module that conflicts with libssl if they are loaded the right way. No unusual modules loaded. httpd -l output is: Compiled-in modules: http_core.c mod_env.c mod_log_config.c mod_mime.c mod_negotiation.c mod_status.c mod_include.c mod_autoindex.c mod_dir.c mod_cgi.c mod_asis.c mod_imap.c mod_actions.c mod_userdir.c mod_alias.c mod_rewrite.c mod_access.c mod_auth.c mod_so.c mod_setenvif.c mod_ssl.c suexec: disabled; invalid wrapper /usr/local/apache/bin/suexec Server config is as follows: Red Hat 6.2, Apache 1.3.26, PHP 4.12, mod_ssl 2.8.10, OpenSSL 0.9.5a. 0.9.5a is ancient... It looks like you're building apache and mod_ssl from source; I'd build openssl (0.9.6g) from source too and use that instead of the RH6.2 distributed openssl libraries. Yeah, and with finally catching up on my bugtraq last night, I've read more into the OpenSSL funnies that have been happening lately. Will update the OpenSSL and rebuild everything tonight. Thanks for the tips Shawn -- Harald Koch [EMAIL PROTECTED] It takes a child to raze a village. -Michael T. Fry __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
Jim Lee wrote: Hi, I wish to have this file that hunter has contributed (Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip) to be available to everyone without any problems. Jim and friends, I have also tried to contact someone at OpenSSL, with no reply. My server is managing and there have been fairly frequent downloads -- I am not concerned yet. I will have to remove the files if it looks as though I will exceed my upload limit. My original concerns are probably unwarranted. The files are not that large, so if you can endure the slow download, you are all welcome to help yourselves. Jim, the build is ok then? You have it up and running? Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
On Wed, 25 Sep 2002, hunter wrote: My server is managing and there have been fairly frequent downloads -- I am not concerned yet. I will have to remove the files if it looks as though I will exceed my upload limit. My original concerns are probably unwarranted. Why not just upload it to the contrib area at modssl.org? --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
Cliff Woolley wrote: On Wed, 25 Sep 2002, hunter wrote: My server is managing and there have been fairly frequent downloads -- I am not concerned yet. I will have to remove the files if it looks as though I will exceed my upload limit. My original concerns are probably unwarranted. Why not just upload it to the contrib area at modssl.org? --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] Cliff, I have tried. I am not sure whether I am doing something wrong or the page is broken. I will try again, but each time I try to FTP, the write fails. I am open to any suggestions. I sent Ralf a note but he has not replied. I should have sent a note to you ... :-) Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
[ATTN RALF] Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
On Wed, 25 Sep 2002, hunter wrote: I am open to any suggestions. I sent Ralf a note but he has not replied. I should have sent a note to you ... :-) I don't have any more access to modssl.org than you do, unfortunately... :-/ If it were apache.org, that would be another matter. But there's a reason we can't distribute crypto binaries from apache.org -- if we could, we would. Guess we wait for Ralf to check up on the contrib area. Thanks, --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
If you'd like, I'd be more than happy to host the file for download on my network - Original Message - From: hunter [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 25, 2002 1:42 AM Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip Cliff Woolley wrote: On Wed, 25 Sep 2002, hunter wrote: My server is managing and there have been fairly frequent downloads -- I am not concerned yet. I will have to remove the files if it looks as though I will exceed my upload limit. My original concerns are probably unwarranted. Why not just upload it to the contrib area at modssl.org? --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] Cliff, I have tried. I am not sure whether I am doing something wrong or the page is broken. I will try again, but each time I try to FTP, the write fails. I am open to any suggestions. I sent Ralf a note but he has not replied. I should have sent a note to you ... :-) Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
hunter wrote: Cliff Woolley wrote: On Wed, 25 Sep 2002, hunter wrote: My server is managing and there have been fairly frequent downloads -- I am not concerned yet. I will have to remove the files if it looks as though I will exceed my upload limit. My original concerns are probably unwarranted. Why not just upload it to the contrib area at modssl.org? --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] Cliff, I have tried. I am not sure whether I am doing something wrong or the page is broken. I will try again, but each time I try to FTP, the write fails. I am open to any suggestions. I sent Ralf a note but he has not replied. I should have sent a note to you ... :-) Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] Cliff, I did try again ... seems to work this time. ??? And ... someone else must have put the binaries there as well ... but I didn't overwrite them. Thanks for the nudge... Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
On Wed, 25 Sep 2002, Ken Campney wrote: If you'd like, I'd be more than happy to host the file for download on my network If you're in the states, you have to watch out for export restrictions... other than that, fine by me. :) --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
Ken Campney wrote: If you'd like, I'd be more than happy to host the file for download on my network - Original Message - From: hunter [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 25, 2002 1:42 AM Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip Ken, it is nice of you to offer. http://tor.ath.cx/~hunter/apache/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip http://tor.ath.cx/~hunter/apache/Openssl-0.9.6g-Win32.zip I just made the new Apache as well... http://tor.ath.cx/~hunter/apache/Apache_2.0.42-OpenSSL_0.9.6g-Win32.zip I also tried again to upload to ModSSL (again) and still cannot write the files there. I am in Toronto. I suppose I should pay more attention to the export rules - is Canada included? Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
wow! It's going to take longer than expected to find an answer to US export issues, more exact what I need to do to protect myself :-/ . I'm going to look into this and as soon as I get a answer I'll let you know. - Original Message - From: Cliff Woolley [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 25, 2002 1:51 AM Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip On Wed, 25 Sep 2002, Ken Campney wrote: If you'd like, I'd be more than happy to host the file for download on my network If you're in the states, you have to watch out for export restrictions... other than that, fine by me. :) --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip
Yea, it's international. The US can export to Canada with no problems, but it becomes messy with other countries. - Original Message - From: hunter [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 25, 2002 2:08 AM Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip Ken Campney wrote: If you'd like, I'd be more than happy to host the file for download on my network - Original Message - From: hunter [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 25, 2002 1:42 AM Subject: Re: Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g-Win32.zip Ken, it is nice of you to offer. http://tor.ath.cx/~hunter/apache/Apache_1.3.26-Mod_SSL_2.8.10-OpenSSL_0.9.6g -Win32.zip http://tor.ath.cx/~hunter/apache/Openssl-0.9.6g-Win32.zip I just made the new Apache as well... http://tor.ath.cx/~hunter/apache/Apache_2.0.42-OpenSSL_0.9.6g-Win32.zip I also tried again to upload to ModSSL (again) and still cannot write the files there. I am in Toronto. I suppose I should pay more attention to the export rules - is Canada included? Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]