On Tue, 6 Jun 2000, Piotr Sloniowski wrote:
> Hi,
> Could anyone help me with crazy MSIE.
>
> There are some versions of IE (5.00.2xx to 5.00.28xx) with 56-bit key
> which has problems with cipher negotiation.
> When I connect to FQDN URL, negotiated cipher (?) is RC4-MD5 (128/128)
> and connection fails (browser do not support that !?).
> When I connect to that server with IP URL cipher is different and
> connection works.
>
> Every other lower version IE (4.0 with 40-bit key) and
> higher (with 128-bit key) works well.
>
> I'm using mod_ssl-2.6.4-1.3.12 with openssl-0.9.5a, apache 1.3.12
> with standard cofiguration.
My server has SGC enabled.
>
> I have no idea that to do. Please HELP.
>
> Here goes logs from that situation:
>
> Connection to URL https://www :
>
> 1. Connection to child 0 established
> (server www.pl:443, client 10.0.0.3)
>
> 2. Seeding PRNG with 1160 bytes of entropy
>
> 3. Connection: Client IP: 10.0.0.3, Protocol: SSLv3,
> Cipher: EXP1024-RC4-SHA (56/128 bits)
>
> 4. Connection: Client IP: 10.0.0.3, Protocol: SSLv3,
> Cipher: RC4-MD5 (128/128 bits) <-- wrong cipher ???
>
> 5. Connection to child 0 closed with standard shutdown
> (server www:443, client 10.0.0.3)
> <-- lost IE - "dnserror" !!!
>
> --------------------------------------------
> Connection to above URL with no DNS https://10.0.0.2 (www)
>
> 1. Connection to child 4 established
> (server www:443, client 10.0.0.3)
>
> 2. Seeding PRNG with 1160 bytes of entropy
>
> 3. Connection: Client IP: 200.10.5.62, Protocol: SSLv3,
> Cipher: EXP1024-RC4-SHA (56/128 bits) <-- correct cipher ???
>
> 4. Initial (No.1) HTTPS request received for child 4
> (server www.pekao-fs.com.pl:443)
>
> 5. Connection to child 4 closed with unclean shutdown
> (serverwww.pekao-fs.com.pl:443, client 200.10.5.62)
> <-- fine
---
Piotr Sloniowski
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
