In article <> you wrote:
> I've created a secure Apache server using mod_ssl and it works fine. But as
> I tried to click lots of links in a secure environment while pages are
> still received I sometimes get the message that there was an insecure item
> in the page, so Internet Explorer switches to non-secure mode. The server
> then diplays a:
> [Sun Oct 18 22:34:35 1998] [error] mod_ssl: SSL_accept failed
> The site however has a 'SSLRequireSSL' in a .htaccess file, so why does the
> webserver allow non-secure connections at that time?
First, the above SSL_accept failed can have a lot of reasons. The SSLeay
error should be printed, too. Second, the SSLRequireSSL is done later in the
Apache processing. So at least the SSL handshake has to be performed first.
Then Apache can find the SSLRequireSSL, determine that HTTPS is not used and
deny access. So, it doesn't allow non-secure communication, just the
establishment of the connection. But why MSIE switches to non-secure mode you
have to find out by inspecting your HTML pages and the contained hyperlinks...
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
