Hi, I would try and make the F5 box support sticky SSL sessions. The problem stems from the statefulness of SSL; Once you have a shared secret between a client and a server, the client should always contact the same backend server, for multiple TCP connections until the SSL session is torn down. I'd think that netscape buffers all requests in a few connections (maybe one) using keepalive, and IE gets keepalive refused/wrong. Since the load balancer sees more requests coming from IE, it has a higher probability of sending some of them to another server that knows nothing about that SSL session. Later, Kos | Hello, | | I am running mod_ssl with Apache, on 2 different servers. I am | using a BIG/IP to do load balancing between the machines. I seem to be | running into a problem using an IE web client attaching to these | sites. Basically what happens is on connect, half the page will come up | than an error will popup saying, "Internet Explorer cannot open the site | https://mysite/somepage.html, an error occured in the support | channel." When I click "ok" I get another warning box asking if I want to | download non-secure items. If I click on yes it fails to load the page, | but if I than return to this page it loads up just fine. I have "SetEnvIf | User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown" in my conf file, I | also tried without this. This problem does not happen with Netscape. I | have not yet tried to use SSL persistence on my load balancers, mainly | because everything seems fine in Netscape. Has anyone seen this before? I | looked in the FAQ and HOWTO and didn't see this particular problem | mentioned. | | Thanks | | Adam Mazza | | | ______________________________________________________________________ | Apache Interface to OpenSSL (mod_ssl) www.modssl.org | User Support Mailing List [EMAIL PROTECTED] | Automated List Manager [EMAIL PROTECTED] -- ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
