Hi,
Could anyone help me with crazy MSIE.
There are some versions of IE (5.00.2xx to 5.00.28xx) with 56-bit key
which has problems with cipher negotiation.
When I connect to FQDN URL, negotiated cipher (?) is RC4-MD5 (128/128)
and connection fails (browser do not support that !?).
When I connect to that server with IP URL cipher is different and
connection works.
Every other lower version IE (4.0 with 40-bit key) and
higher (with 128-bit key) works well.
I'm using mod_ssl-2.6.4-1.3.12 with openssl-0.9.5a, apache 1.3.12
with standard cofiguration.
I have no idea that to do. Please HELP.
Here goes logs from that situation:
Connection to URL https://www :
1. Connection to child 0 established
(server www.pl:443, client 10.0.0.3)
2. Seeding PRNG with 1160 bytes of entropy
3. Connection: Client IP: 10.0.0.3, Protocol: SSLv3,
Cipher: EXP1024-RC4-SHA (56/128 bits)
4. Connection: Client IP: 10.0.0.3, Protocol: SSLv3,
Cipher: RC4-MD5 (128/128 bits) <-- wrong cipher ???
5. Connection to child 0 closed with standard shutdown
(server www:443, client 10.0.0.3)
<-- lost IE - "dnserror" !!!
--------------------------------------------
Connection to above URL with no DNS https://10.0.0.2 (www)
1. Connection to child 4 established
(server www:443, client 10.0.0.3)
2. Seeding PRNG with 1160 bytes of entropy
3. Connection: Client IP: 200.10.5.62, Protocol: SSLv3,
Cipher: EXP1024-RC4-SHA (56/128 bits) <-- correct cipher ???
4. Initial (No.1) HTTPS request received for child 4
(server www.pekao-fs.com.pl:443)
5. Connection to child 4 closed with unclean shutdown
(serverwww.pekao-fs.com.pl:443, client 200.10.5.62)
<-- fine
Thanks.
---
Piotr Sloniowski
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
