On Tue, Sep 18, 2001 at 05:25:34PM -0500, Nick Temple wrote:
> Hi --
>
> My question is: what is the most stable version of Apache / mod_ssl/ OpenSSL and
>configuration options, stable in this case meaning allowing the widest group of the
>most common browsers to connect (AOL, IE, Netscape, Opera), on the most widely used
>OS's to connect? (WIN, Macs, Linux, Solaris). Trading Netscape compatibility (SSL
>-v3) for Mac/IE compatibility isn't really an option.
>
> I'm pretty sure I've scoured the appropriate FAQ's and archives, though I could have
>missed something.
>
> I have been having many reports of connection errors with various browsers (we are
>in the process of compiling a complete list). I am currently running a stock Red Hat
>install (7.0, I'm pretty sure). Relevent info is:
>
> 'SERVER_SOFTWARE' => 'Apache/1.3.12 (Unix) (Red Hat/Linux) mod_ssl/2.6.6
>OpenSSL/0.9.5a mod_perl/1.24',
>
> httpd.conf:
>
> SSLEngine on
> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
> SSLOptions +StdEnvVars
> BrowserMatch "Mozilla/2" nokeepalive
> BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
> BrowserMatch "MSIE [1-4]" nokeepalive ssl-unclean-shutdown downgrade-1.0
>force-response-1.0
> BrowserMatch "MSIE [5-9]" ssl-unclean-shutdown
>
> We are using a Thawte wildcard cert (*.commercestore.com), if that makes any
>difference.
>
> Our store caters to end users, so this really needs to be as cross-compatible as
>possible.
You settings look OK. The only thing I would suggest is to upgrade to the
latest Apache/mod_ssl/OpenSSL/mod_perl.
Which browsers specifically are producing errors?
-Dave
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
