I hit a more fundamental problem with IE. According to me, it doesn't support the keepalive messages that are needed to keep an SSL connection open, so the connection dies when the keepalive timeout kicks in - by default after one minute. This means that unless you request a new page every minute, the connection dies and your browser has to renegotiate the whole thing from scratch. If the server mandates a 128-bit connection for the next page, then the problem that you are asking about goes away. However, the cost of negotiating a new connection on every request is high.
In the default configuration, Apache sets keepalive off if the browser is IE, but it appears that this just forces renegotiation on every request. Can anybody confirm that all this is correct? If so, is there a way to get around it (other than using another browser)? Simon > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of MATHIHALLI,MADHUSUDAN > (HP-Cupertino,ex1) > Sent: 08 January 2002 01:11 > To: '[EMAIL PROTECTED]' > Subject: Connection re-negotiation > > > Hi mod_ssl gurus, > I had a small question regarding connection re-negotiation : > > The scenario is that I have a 56-bit browser (IE 6.0) and a 128/168 bit > enabled apache (+mod_ssl 2.8.4) server.. During a https transaction, the > browser > establishes 56-bit connection, but then inorder to access a particular > location, a 128 bit connection is mandated by the server (using the > SSLRequire option).. Is it possible that the client can upgrade the > connection to a 128-bit one ??.. If yes, how to achieve that ?.. > > -Madhu > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
