Thank you, Lukas. We will see whether SSLv3 improves things.

Best,
Merton

On Wed, Jun 19, 2013 at 1:15 AM, Lukas Tribus <[email protected]> wrote:
> Hi Merton!
>
> don't forget to CC the mailing-list :)
>
> > Out of the 5 possible causes you listed, we probably can't do much
> > about the other ones. But we can control the above two from our end. I
> > suppose that most 'modern' browsers nowadays should be able to do TLS
> > v1.0, and SSLv3 is considered a weaker choice (but I wonder if it
> > will make it more compatible for clients to support both TLSv1.0 and
> > SSLv3?). The specific ciphers we've chosen are to speed up the SSL but
> > it might 'screen out' some clients.
>
> The issue is probably with embedded, mobile and outdated browsers.
> If you have a 5 year old Windows CE phone, chances are it will connect
> in SSLv3 only (for example).
>
> > We also see in the log that some clients connected/handshook
> > successfully initially on some page, but failed the handshake in
> > subsequent requests to other parts of the site.
>
> Keep in mind that a browser may open a connection to accelerate a
> _possible_ future HTTP transaction - and if the user doesn't request
> another page, the connection will just be dropped.
>
> Those optimizations in browsers can trigger warnings on the server-side.
>
> > Any suggestion on making SSL as compatible as possible while
> > keeping it fast?
>
> You may enable SSLv3 again and monitor the log.
>
> Regards,
>
> Lukas

