DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17865>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17865 IE SSL Session failure with mod_SSL Summary: IE SSL Session failure with mod_SSL Product: Apache httpd-1.3 Version: 1.3.27 Platform: Sun OS/Version: Solaris Status: NEW Severity: Major Priority: Other Component: Other mods AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] In the latest version of apache (1.3.27) IE clients generate modSSL confusions far more frequently than they did in 1.3.26. In fact I dont think I had any in 1.3.26. The problem never occurs on an initial connection when the certificate is presented over SSL2/3, but can occur on subsequent requests when IE tries to use a SSLSession ID. It happens when consecutive requests are made from IE clients, I haven't duplicated this in any other browser. The Initial connection always seems to work: Client -> server SSLv2 Client Hello Server -> client SSLv3 Server Hello, Certificate Client -> server SSLv3 Client key exchange, Change cipher, handshake Server -> client SSLv3 Change cipher, handshake Server <> client SSLv3 Data However following connections may fail: Client -> server SSLv3 Client Hello Server -> client SSLv3 Server Hello, Change cipher, handshake At this point either: IE closes the connection. OR: The handshake continues. Client -> server SSLv3 Change cipher, handshake Server <> client SSLv3 Data The config hasn't been changed, I have the SSLSesion directives and the force-downgrade for IE clients, etc...... In the logs I have: [04/Mar/2003 15:00:16 04121] [info] Connection to child 6 established (server my.server.net:443, client 10.10.10.10) [04/Mar/2003 15:00:16 04121] [info] Seeding PRNG with 1160 bytes of entropy [04/Mar/2003 15:00:16 04121] [info] Spurious SSL handshake interrupt[Hint: Usually just one of those OpenSSL confusions!?] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
