> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Mark Morrill
> Sent: Thursday, February 22, 2001 5:41 PM
>
> I revisited the FAQ and re-reread the list archives. I tried a
> few things.
> A few things from the FAQ actually made things worse! :)
Can you elaborate? It's good to know what helps, and what doesn't.
> But the one incantation that seemed to work was to add the
> following line to
> apache.conf:
>
> SSLProtocol all -SSLv3
I really only recommend adding the -SSLv3 as a last resort, some people have
had problems with that with some browsers.
Here's what I recommend using in your config (and is what I use on my
production servers):
# Breaks some versions of IE if you don't have a session cache
SSLSessionCache shm:logs/ssl_cache(1024000)
# Use this session cache if you don't have libmm compiled in
#SSLSessionCache dbm:logs/ssl_cache
# Many versions of MSIE will get random IO errors without this
# especially during POSTs.
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# The important part of this is the !EXPORT56. 56-bit versions
# of MSIE won't connect at all with this.
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
If you still have problems after using these options, there must be
something strange on the OSX build which causes these problems. Do the
Apache logs say anything? You may have to turn the log level up...
-Dave
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
