Hi,
I guess the culprit is IE 5.x which has a broken ssl implementation
in the export versions (and maybe also in other versions if you try
with less than 128bit encrytion.
here's a solution posted earlier, and I found it worked in my setup
At 11:40 -0800 16/11/00, David Rees wrote:
>From: "David Rees" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Subject: RE: somebody shoot me, please
>Date: Thu, 16 Nov 2000 11:40:36 -0800
>MIME-Version: 1.0
>X-Priority: 3 (Normal)
>X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
>Importance: Normal
>Sender: [EMAIL PROTECTED]
>Precedence: bulk
>Reply-To: [EMAIL PROTECTED]
>X-Sender: "David Rees" <[EMAIL PROTECTED]>
>
>There's a FAQ for your problem:
>
>http://www.modssl.org/docs/2.7/ssl_faq.html#ToC48
>
>In short add these two lines:
>
>SetEnvIf User-Agent ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
>
>SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
>
>Which other people have mentioned before. This fixed all problems with
>buggy MSIE 56-bit browsers for me.
>
>-Dave
hope this helps
At 16:11 +0000 23/11/00, Adam Nealis wrote:
>This one has me stumped and rather frustrated. The problem
>happens with MSIE 5.0.2314.1003 but not with netscape 4.76.
>
>I have a site, in testing, which for various reasons is
>accessed by going to a particular URL in a directory
>with a .htaccess file in it. Let's say:
>
>https://my.test.site/keepaway/login.htm
>
>Our server certificate for the site is not for our domain.
>This is because the test site
>
>With Netscape, if I do https://.../... or http://.../...
>I get the username/password basic authentication
>challenge. However, under https I get a warning to the
>effect that the cert isn't for the domain. Fair enough.
>
>With MSIE, I only get the challenge with http://.../...,
>whereas with https://.../... I get a "friendly" error.
>Once I do a mod_auth basic authentication against http,
>if I replace http with https I get the "friendly" error
>message back.
>
>I suspect that MSIE barfs because the domain of the
>certificate doesn't match the domain in the URL. Is
>this correct, and is there a workaround?
>
>Probably irrelevant, but
>
>.htacess contains something like:
>
>Deny from all
>Allow from 1.2.3.4
>AuthType Basic
>AuthName "My Test Site"
>AuthUserFile /etc/httpd/conf/auth/valid.users
>require valid-user
>satisfy all
>
>Thanks,
>Adam.
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
--
Thierry Coopman - [EMAIL PROTECTED]
My opinions are personal, and have really nothing or nothing to do
with Keytrade!
I loathe people who keep dogs. They are cowards who haven't got the
guts to bite people themselves. --August Strindberg
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
