I have a similar problem.  I'm using apache 1.3.14, openssl 0.9.6, and
mod_ssl 2.7.1 on Solaris 2.7.  Bone-stock config, but IE5 chokes (and IE4,
actually). I searched and found the following suggested config changes:

---

SetEnvIf User-Agent ".*MSIE.*" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

---

But that didn't help at all.  I tried it with both a self-signed
certificate and a legit VeriSign cert with all the correct info.  All
versions of Netscape work just fine with this setup.  Frustrating.

In the interest of completeness, an attempted connection from Mac IE5 is
shown at the debug log level below:

---

[13/Nov/2000 11:52:19 02090] [info]  Server: Apache/1.3.14, Interface:
mod_ssl/2.7.1, Library: OpenSSL/0.9.6
[13/Nov/2000 11:52:19 02090] [info]  Init: 1st startup round (still not
detached)
[13/Nov/2000 11:52:19 02090] [info]  Init: Initializing OpenSSL library
[13/Nov/2000 11:52:19 02090] [info]  Init: Loading certificate & private key
of SSL-aware server xxx.com:443
[13/Nov/2000 11:52:19 02090] [info]  Init: Requesting pass phrase via
builtin terminal dialog
[13/Nov/2000 11:52:22 02090] [trace] Init: (xxx.com:443) encrypted RSA
private key - pass phrase requested
[13/Nov/2000 11:52:22 02090] [info]  Init: Wiped out the queried pass
phrases from memory
[13/Nov/2000 11:52:22 02090] [info]  Init: Seeding PRNG with 136 bytes of
entropy
[13/Nov/2000 11:52:22 02090] [info]  Init: Generating temporary RSA private
keys (512/1024 bits)
[13/Nov/2000 11:52:35 02090] [info]  Init: Configuring temporary DH
parameters (512/1024 bits)
[13/Nov/2000 11:52:35 02104] [info]  Init: 2nd startup round (already
detached)
[13/Nov/2000 11:52:35 02104] [info]  Init: Reinitializing OpenSSL library
[13/Nov/2000 11:52:35 02104] [warn]  Init: Session Cache is not configured
[hint: SSLSessionCache]
[13/Nov/2000 11:52:35 02104] [info]  Init: Seeding PRNG with 136 bytes of
entropy
[13/Nov/2000 11:52:35 02104] [info]  Init: Configuring temporary RSA private
keys (512/1024 bits)
[13/Nov/2000 11:52:35 02104] [info]  Init: Configuring temporary DH
parameters (512/1024 bits)
[13/Nov/2000 11:52:35 02104] [info]  Init: Initializing (virtual) servers
for SSL
[13/Nov/2000 11:52:35 02104] [info]  Init: Configuring server xxx.com:443
for SSL protocol
[13/Nov/2000 11:52:35 02104] [trace] Init: (xxx.com:443) Creating new SSL
context (protocols: SSLv2, SSLv3, TLSv1)
[13/Nov/2000 11:52:35 02104] [trace] Init: (xxx.com:443) Configuring
permitted SSL ciphers
[ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP]
[13/Nov/2000 11:52:35 02104] [trace] Init: (xxx.com:443) Configuring RSA
server certificate
[13/Nov/2000 11:52:35 02104] [trace] Init: (xxx.com:443) Configuring RSA
server private key
[13/Nov/2000 11:53:01 02105] [info]  Connection to child 0 established
(server xxx.com:443, client xxx.xxx.xxx.xxx)
[13/Nov/2000 11:53:01 02105] [info]  Seeding PRNG with 0 bytes of entropy
[13/Nov/2000 11:53:01 02105] [trace] OpenSSL: Handshake: start
[13/Nov/2000 11:53:01 02105] [trace] OpenSSL: Loop: before/accept
initialization
[13/Nov/2000 11:53:01 02105] [debug] OpenSSL: read 11/11 bytes from
BIO#00224B18 [mem: 0023DAF0] (BIO dump follows)
+-------------------------------------------------------------------------+
| 0000: 16 03 00 00 35 01 00 00-31 03                    ....5...1.       |
| 000b - <SPACES/NULS>
+-------------------------------------------------------------------------+
[13/Nov/2000 11:53:01 02105] [debug] OpenSSL: read 47/47 bytes from
BIO#00224B18 [mem: 0023DAFB] (BIO dump follows)
+-------------------------------------------------------------------------+
| 0000: bd ba 54 9f 7c 7a df e8-22 3b 8a c0 7a 40 90 22  ..T.|z..";..z@." |
| 0010: 49 3e 9e 54 63 dc fe b7-55 40 ab 9f 4b 66 f3 1e  I>.Tc...U@..Kf.. |
| 0020: 00 00 0a 00 04 00 0a 00-09 00 03 00 06 01        ..............   |
| 002f - <SPACES/NULS>
+-------------------------------------------------------------------------+
[13/Nov/2000 11:53:01 02105] [trace] OpenSSL: Loop: SSLv3 read client hello
A
[13/Nov/2000 11:53:01 02105] [trace] OpenSSL: Loop: SSLv3 write server hello
A
[13/Nov/2000 11:53:01 02105] [trace] OpenSSL: Loop: SSLv3 write certificate
A
[13/Nov/2000 11:53:01 02105] [trace] OpenSSL: Loop: SSLv3 write server done
A
[13/Nov/2000 11:53:01 02105] [debug] OpenSSL: write 663/663 bytes to
BIO#00224B18 [mem: 0022E8C8] (BIO dump follows)
+-------------------------------------------------------------------------+
| 0000: 16 03 00 00 2a 02 00 00-26 03 00 3a 10 1c 6d 37  ....*...&..:..m7 |
| 0010: fc 55 de 79 2e f3 89 04-95 71 cd 0f 71 c8 4c 51  .U.y.....q..q.LQ |
| 0020: 1b 88 52 f1 2a b7 32 10-85 e5 62 00 00 04 00 16  ..R.*.2...b..... |
| 0030: 03 00 02 5a 0b 00 02 56-00 02 53 00 02 50 30 82  ...Z...V..S..P0. |
| 0040: 02 4c 30 82 01 b9 02 10-24 4d 34 1b d1 5c e8 90  .L0.....$M4..\.. |
| 0050: f8 9c cc 4f e2 9b 0e af-30 0d 06 09 2a 86 48 86  ...O....0...*.H. |
| 0060: f7 0d 01 01 04 05 00 30-5f 31 0b 30 09 06 03 55  .......0_1.0...U |
| 0070: 04 06 13 02 55 53 31 20-30 1e 06 03 55 04 0a 13  ....US1 0...U... |
| 0080: 17 52 53 41 20 44 61 74-61 20 53 65 63 75 72 69  .RSA Data Securi |
| 0090: 74 79 2c 20 49 6e 63 2e-31 2e 30 2c 06 03 55 04  ty, Inc.1.0,..U. |
| 00a0: 0b 13 25 53 65 63 75 72-65 20 53 65 72 76 65 72  ..%Secure Server |
| 00b0: 20 43 65 72 74 69 66 69-63 61 74 69 6f 6e 20 41   Certification A |
| 00c0: 75 74 68 6f 72 69 74 79-30 1e 17 0d 30 30 31 31  uthority0...0011 |
| 00d0: 31 33 30 30 30 30 30 30-5a 17 0d 30 31 31 30 32  13000000Z..01102 |
| 00e0: 36 32 33 35 39 35 39 5a-30 73 31 0b 30 09 06 03  6235959Z0s1.0... |
| 00f0: 55 04 06 13 02 55 53 31-16 30 14 06 03 55 04 08  U....US1.0...U.. |
| 0100: 13 0d 4d 61 73 73 61 63-68 75 73 65 74 74 73 31  ..Massachusetts1 |
| 0110: 0f 30 0d 06 03 55 04 07-14 06 42 6f 73 74 6f 6e  .0...U....Boston |
| 0120: 31 1a 30 18 06 03 55 04-0a 14 11 4e 65 77 4d 61  1.0...U....NewMa |
| 0130: 72 6b 65 74 20 4e 65 74-77 6f 72 6b 31 1f 30 1d  rket Network1.0. |
| 0140: 06 03 55 04 03 14 16 xx-xx xx xx xx xx xx xx xx  ..U....xxxxxxxxx |
| 0150: xx xx xx xx xx xx xx xx-xx xx xx xx xx 30 81 9f  xxxxxxxxxxxxx0.. |
| 0160: 30 0d 06 09 2a 86 48 86-f7 0d 01 01 01 05 00 03  0...*.H......... |
| 0170: 81 8d 00 30 81 89 02 81-81 00 d7 b8 ef fa 66 f9  ...0..........f. |
| 0180: a8 df 19 53 d9 57 4c 7b-9c fb 98 7b 28 2e 92 f6  ...S.WL{...{(... |
| 0190: 61 96 02 7b 1b 29 60 fd-e2 bf 5e 44 57 71 f9 38  a..{.)`...^DWq.8 |
| 01a0: d7 fd 3e ae c8 76 df 30-37 4c 95 8d 2e fd 88 4c  ..>..v.07L.....L |
| 01b0: dd 24 29 67 49 2d 0b a9-79 d0 66 97 4d fb cc 62  .$)gI-..y.f.M..b |
| 01c0: 80 91 1e e8 2c e8 bc a8-95 5a 8b 83 2d b5 0d 98  ....,....Z..-... |
| 01d0: 8c 89 85 4b 71 0a 25 db-8e 22 79 c6 98 28 e6 39  ...Kq.%.."y..(.9 |
| 01e0: de 3a de 4b f5 50 9a 00-33 ec fb e5 19 57 29 ce  .:.K.P..3....W). |
| 01f0: 61 18 f2 f0 cf 9c 5b b8-f0 03 02 03 01 00 01 30  a.....[........0 |
| 0200: 0d 06 09 2a 86 48 86 f7-0d 01 01 04 05 00 03 7e  ...*.H.........~ |
| 0210: 00 2c b2 95 4d fd 11 a7-2e a8 c1 48 74 13 34 19  .,..M......Ht.4. |
| 0220: 5d 55 20 42 82 6e 7f 25-2a 3f 99 81 e2 d6 89 76  ]U B.n.%*?.....v |
| 0230: 1a fb 35 32 dd 63 62 87-1c a4 c1 e2 64 32 bf 18  ..52.cb.....d2.. |
| 0240: 32 eb ee 3b 91 6a 55 3c-65 62 f4 1d 72 9e 2a 28  2..;.jU<eb..r.*( |
| 0250: 49 13 54 3d 2c b4 aa 8e-e8 2d 93 22 8b b7 ce 38  I.T=,....-."...8 |
| 0260: dd fa fc a2 ab d4 2f 7a-cd 16 c8 82 4f 32 a0 c9  ....../z....O2.. |
| 0270: 29 c9 a4 eb f7 fe a7 0d-00 dc b0 4b 00 91 91 8a  )..........K.... |
| 0280: 65 ad 44 40 2e 23 d3 e1-d6 ef 7c e3 1a 12 16 03  e.D@.#....|..... |
| 0290: 00 00 04 0e                                      ....             |
| 0297 - <SPACES/NULS>
+-------------------------------------------------------------------------+
[13/Nov/2000 11:53:01 02105] [trace] OpenSSL: Loop: SSLv3 flush data
[13/Nov/2000 11:53:01 02105] [debug] OpenSSL: I/O error, 5 bytes expected to
read on BIO#00224B18 [mem: 0023DAF0]
[13/Nov/2000 11:53:01 02105] [trace] OpenSSL: Exit: error in SSLv3 read
client certificate A
[13/Nov/2000 11:53:01 02105] [trace] OpenSSL: Exit: error in SSLv3 read
client certificate A
[13/Nov/2000 11:53:01 02105] [error] SSL handshake interrupted by system
[Hint: Stop button pressed in browser?!] (System error follows)
[13/Nov/2000 11:53:01 02105] [error] System: Connection reset by peer
(errno: 131)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
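
The handshake recorded in the debug log can be decoded from the BIO dumps themselves. This is an added example, not part of the original post or of mod_ssl: it rebuilds the ClientHello and ServerHello bytes from the dump lines and lists the cipher suites the browser offered and the one the server chose. The function names are hypothetical, and bytes trimmed as `<SPACES/NULS>` are assumed to be NUL.

```python
import re

# Suite code points as listed in RFC 2246, appendix A.5.
SUITES = {0x0003: "RSA_EXPORT_WITH_RC4_40_MD5", 0x0004: "RSA_WITH_RC4_128_MD5",
          0x0006: "RSA_EXPORT_WITH_RC2_CBC_40_MD5", 0x0009: "RSA_WITH_DES_CBC_SHA",
          0x000A: "RSA_WITH_3DES_EDE_CBC_SHA"}

# Copied from the log above: both client reads, then the start of the server write.
CLIENT_DUMP = """\
| 0000: 16 03 00 00 35 01 00 00-31 03                    ....5...1.       |
| 000b - <SPACES/NULS>
| 0000: bd ba 54 9f 7c 7a df e8-22 3b 8a c0 7a 40 90 22  ..T.|z..";..z@." |
| 0010: 49 3e 9e 54 63 dc fe b7-55 40 ab 9f 4b 66 f3 1e  I>.Tc...U@..Kf.. |
| 0020: 00 00 0a 00 04 00 0a 00-09 00 03 00 06 01        ..............   |
| 002f - <SPACES/NULS>
"""
SERVER_DUMP = """\
| 0000: 16 03 00 00 2a 02 00 00-26 03 00 3a 10 1c 6d 37  ....*...&..:..m7 |
| 0010: fc 55 de 79 2e f3 89 04-95 71 cd 0f 71 c8 4c 51  .U.y.....q..q.LQ |
| 0020: 1b 88 52 f1 2a b7 32 10-85 e5 62 00 00 04 00 16  ..R.*.2...b..... |
"""

def dump_to_bytes(text):
    """Rebuild the bytes of one or more consecutive BIO dumps."""
    out, chunk = bytearray(), bytearray()
    for m in re.finditer(r"^\| ([0-9a-f]{4})(:| -) (.*)$", text, re.M):
        offset = int(m.group(1), 16)
        if m.group(2) == ":":
            if offset == 0:                  # offset 0000 starts a new dump
                out, chunk = out + chunk, bytearray()
            hexcol = re.split(r"\s{2,}", m.group(3))[0].replace("-", " ")
            chunk += bytes.fromhex(hexcol)
        else:  # "<SPACES/NULS>" line: offset is the real length (assume NULs)
            chunk = chunk.ljust(offset, b"\0")
    return bytes(out + chunk)

def parse_hello(rec):
    """Decode one SSLv3/TLS ClientHello or ServerHello record."""
    body = rec[9:9 + int.from_bytes(rec[6:9], "big")]
    if rec[:1] != b"\x16" or rec[5:6] not in (b"\x01", b"\x02") or len(body) < 38:
        raise ValueError("not a complete hello record")
    p = 35 + body[34]                        # skip version, random, session id
    if rec[5] == 1:                          # ClientHello: every offered suite
        n = int.from_bytes(body[p:p + 2], "big")
        codes = [int.from_bytes(body[i:i + 2], "big") for i in range(p + 2, p + 2 + n, 2)]
    else:                                    # ServerHello: the suite it selected
        codes = [int.from_bytes(body[p:p + 2], "big")]
    return {"version": tuple(body[:2]), "suites": [SUITES.get(c, hex(c)) for c in codes]}
```

Calling `parse_hello(dump_to_bytes(CLIENT_DUMP))` and the same on `SERVER_DUMP` returns the offered and selected suites, which can be set against the `SSLCipherSuite` line in the configuration.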