On Tue, Oct 23, 2001 at 09:49:22AM +0200, Martin B. Nielsen wrote: > > Does anyone have a clue why ie6 and apache 1.3.19 with mod_ssl 2.8.4 > (and openssl 0.9.6a) with a 128bit certificate may refuse to connect to > the server (i.e. it shows the typical error screen on ie). > > The server has the usual settings - namely: > SSLSessionCache dbm:/var/cache/httpd/ssl_session_cache > SSLCipherSuite > ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL > SetEnvIf User-Agent ".*MSIE.*" \ > nokeepalive ssl-unclean-shutdown \ > downgrade-1.0 force-response-1.0 > > and there no problems with 40bit certificates. > > I'm wondering whether something like > #BrowserMatch "MSIE [1-4]" nokeepalive ssl-unclean-shutdown \ > # downgrade-1.0 force-response-1.0 > #BrowserMatch "MSIE [5-9]" ssl-unclean-shutdown
This might make a difference... > in combination with > #SSLSessionCache shm:/var/cache/httpd/ssl_gcache_data(1024000) But this won't since you already have a session cache. The browser can't tell the difference between different types as long as you have one. -Dave ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
