To make Mac IE (and some older Windows IEs) work, you need to turn on
session caching and turn off some ciphers. Here's an example config:
ns_section "ns/server/${servername}/module/nsopenssl"
ns_param ServerPort $httpsport
ns_param ServerHostname $hostname
ns_param ServerAddress $address
ns_param ServerCertFile certfile.pem
ns_param ServerKeyFile keyfile.pem
ns_param ServerProtocols All
ns_param ServerCipherSuite "ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+E
XP:+eNULL"
ns_param ServerSessionCache true
ns_param ServerSessionCacheID 1
ns_param ServerSessionCacheSize 512
ns_param ServerSessionCacheTimeout 300
ns_param ServerPeerVerify false
ns_param ServerPeerVerifyDepth 3
ns_param ServerCADir ca
ns_param ServerCAFile ca.pem
ns_param ServerTrace false
ns_param RandomFile /dev/urandom
ns_param SeedBytes 1024
Pete.
On Fri, 3 May 2002, Chad S. Lauritsen wrote:
> Hello all,
>
> Sorry if this has been discussed already...are there web archives
> somewhere???
>
> We are running nsopenssl with aolserver 3.4.2.
>
> It seems that when macs attempt to connect with IE 5.x, the Mac user
> gets a "data decryption error".
>
> The server error log says:
> [30/Apr/2002:09:36:41][19294.18439][-conn6-] Error: nsopenssl: EOF during SSL
>handshake
>
> Not really sure what is going wrong as I haven't been able to get much info from Mac
> IE about it SSL support using the about menus, etc.
>
> Anyone have any pointers?
>
> TIA,
>
> Chad
>
> --
> Everyone talks like they don't want megadatabases tracking | from:
> their every purchasing move, but if McDonalds offered 3 | Secrets & Lies
> Big Macs for a DNA sample, there'd be lines around the block.| by Bruce Schneier
> Visit http://planetlauritsen.com
>
