I think you might need to limit the ciphers you accept. To get all of my
(known) clients working I wathed my logs to see what cipher was being used
by the clients which failed and then removed that from the list (with a
`!'). Here is what I ended up with:
SSLCipherSuite
!EXP1024-RC4-SHA:!EXP1024-DES-CBC-SHA:ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
The EXP1024-* ciphers were my problems.
Dan Roscigno [EMAIL PROTECTED]
(425)864-5540
On Wed, 15 Nov 2000, Brendon Maragia wrote:
> First i'd like to thank everyone for their advice about my MOD_SSL + MSIE5.x
> problem. I recompiled everything WITHOUT rsaref-2.0 and I still cannot get
> a connection with MSIE5.5 only MSIE4.0 & 5.0. Heres a quick run down of
> what i'm running and the virtual host i'm trying to connect to...
>
> apache_1.3.14
> mod_ssl-2.7.1-1.3.14
> openssl-0.9.6
>
> My Virtual Host:
>
> <VirtualHost 216.186.181.230:443>
> DocumentRoot /home/commaflex/public_html/checkout
> ServerAdmin [EMAIL PROTECTED]
> ServerName checkout.commaflex.com
> ErrorLog /home/commaflex/public_html/checkout/.error.log
> TransferLog /home/commaflex/public_html/checkout/.transfer.log
> SSLEngine on
>
> SSLCertificateFile
> /usr/local/ssl.keys/checkout.commaflex.com/ssl.csr/server.crt
>
> SSLCertificateKeyFile
> /usr/local/ssl.keys/checkout.commaflex.com/ssl.key/server.key
>
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
> SSLCertificateChainFile
> /usr/local/ssl.keys/checkout.commaflex.com/ssl.crt/ca.crt
>
> <Files ~ "\.(cgi|shtml)$">
> SSLOptions +StdEnvVars
> </Files>
> <Directory "/usr/local/apache/htdocs/cgi-bin">
> SSLOptions +StdEnvVars
> </Directory>
>
> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
> downgrade-1.0 force-response-1.0
>
> CustomLog /var/log/apache_ssl_request_log \
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> SSLLogLevel debug
> </VirtualHost>
>
> ...I've checked all my logs upon trying to connect with MSIE5.0 and the
> server seems to execute a standard hand shake, and then gracefully execute a
> standard shutdown with no complaints.
>
> All I get from MSIE5.x is "Page Could Not Be Displayed". Could someone
> pleassee pleaseee help :)
>
> Brendon
> _________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
>
> Share information about yourself, create your own public profile at
> http://profiles.msn.com.
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
