Carol,
It was my understanding, and perhaps I've misread posts here, that the list here has long advocated this setting for IE issues: SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown Also, for mozilla problems it has often been advocated to set this in the httpd.conf: SetEnvIf User-Agent ".*Mozilla.*" nokeepalive There well maybe more current setting recomended, but, I have not had to deal with such issues and have paid them little heeed unless I faced problems specifically realted to list recomendations. Thanks, Ron DuFresne On Thu, 31 Jan 2002, Kuczborski, Carol L wrote: > I reported this same issue in the Apache mod_ssl Bug DB over 6 months ago, > but received no response. I eventually worked with Oracle Worldwide Support > (which packages Apache and mod_ssl with it's Oracle9i Application Server) in > regards to the errors. The "Cannot find server or DNS error" along with > "Page cannot be displayed" errors were not completely eliminated, but > greatly reduced. Everything worked fine with Netscape, but not IE. Here > was our workable resolution: > > I did not completely eliminate the errors, but reduced them quite > significantly by making the following changes: > > 1. Modified httpd.conf as follows (to remove the "nokeepalive" directive): > > SetEnvIf User-Agent ".*MSIE.*" ssl-unclean-shutdown > > 2. Oracle Worldwide Support patched the ApacheModuleSSL.dll file. The patch > to ApacheModuleSSL.dll implements a workaround in the code for reading from > a socket for WIN32. According to the details for the ApacheModuleSSL.dll > patch, there was mention of a bug in the "select" function in Windows NT > 4.0: > > "When checking a socket, if data can be read without blocking, select () > returns yes, but when actually reading from the socket with recv(), that > function returns WSAEWOULDBLOCK, which says that reading would block. It > seems that this problem does not occur in usual operation, but only in an > SSL enabled Apache (modssl or apache-ssl) with https. The code for WIN32, > which handles writing to a socket, already contains a workaround for this. > The code for reading from a socket did not have a workaround." > > Basically, they added a retry loop so that if a read from the socket failed, > it tried the read again. > > Carol Kuczborski > EDS - Enabling Business Solutions > MS A6N-B47 > 13600 EDS Drive > Herndon, VA 20171 > > * phone: +01-703-742-1025 (8-432) > * mailto:[EMAIL PROTECTED] > www.eds.com > > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Thursday, January 31, 2002 9:42 AM > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: [BugDB] IE Problems connecting to mod_ssl server Linux (PR#663) > > > Full_Name: > Version: > OS: > Submission from: (NULL) (80.132.185.116) > > > I'm having some very weird problems getting some IE clients to connect to a > mod_ssl-enabled apache install, and I'm hoping someone has some insight on > this > beyond what's in the FAQ. The environment is as follows: > Webserver version: > [ Apache/1.3.20 (Linux/SuSE 7.3) PHP/4.0.6 mod_ssl/2.8.4 OpenSSL/0.9.6b ] > > I have a 128-bit selfmade cert installed. I have the complete FAQ fixes in > (they > were already there, actually) as far as an SSL session cache and the 56-bit > export proto being turned off. > > Clients are Win2K ,Win98 with various patched IE 5.5 and Linux with Mozilla > and > Konqueror. In the case of IE, we have checked all protocols for SSL-Support. > > Here's a rough breakdown of what > works and what doesn't: > > Linux / Mozilla /Konqueror: always works fine > Win2K / IE 5.x: doen't work > Win2K / NS 6.x: doen't work > ("doesn't work" means that IE spits out that crappy "Cannot finds server or > DNS > error") > > I also added in the http.conf > > SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown > downgrade-1.0 > force-response-1.0 > SSLCipherSuite > ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:!NULL > > But nothing works!! > > Please help me or i will hang me up soon. *s* > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
