Sorry, it is NOT the recommendation made in mod_ssl.... But it worked for me.
Carol Kuczborski EDS - Enabling Business Solutions MS A6N-B47 13600 EDS Drive Herndon, VA 20171 * phone: +01-703-742-1025 (8-432) * mailto:[EMAIL PROTECTED] www.eds.com -----Original Message----- From: Kuczborski, Carol L Sent: Wednesday, February 06, 2002 10:09 AM To: '[EMAIL PROTECTED]' Subject: RE: Problem with IE Try the following setting for the IE browser in the httpd.conf file. I know it is the recommendation made in the mod_ssl FAQ, but it seemed to help me. I had the same problem you are having and researched it for months. After making the change to the http.conf below (and applying a patch from Oracle to the ApacheModuleSSL.dll file on Windows NT), it reduced the intermittent "Cannot find server or DNS error" and "Page cannot be displayed" messages received when using the IE browser. I never received these errors when using the Netscape browser. SetEnvIf User-Agent ".*MSIE.*" ssl-unclean-shutdown Carol Kuczborski EDS - Enabling Business Solutions MS A6N-B47 13600 EDS Drive Herndon, VA 20171 * phone: +01-703-742-1025 (8-432) * mailto:[EMAIL PROTECTED] www.eds.com -----Original Message----- From: Thomas Lepik [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 06, 2002 3:48 AM To: [EMAIL PROTECTED] Subject: Problem with IE Hello, I compiled apache-1.3.2+mod_ssl-2.8.6+php-4.1.1 sucessfully on RH 7.2 Linux. I created certificates, modified httpd.conf for my needs and started apache with ssl option. Things seemed to be working fine - even tested with lynx browser to see wheather https://localhost gives a connection - and it did! But when tested with M$ IE 5.0 (with high encryption patch that allows 128 bit chipher), I constantly ran into "page cannot be displayed" - eventhough I modified httpd.conf's SSL section several times as suggested here before. (if IE setenv xxx and, SSL -v3, session cache things) Any time - lynx displays the page and IE doesn't. Here are two samples from my ssl_engine_log. First one with lynx browser, second one with my troublesome IE. (also included server startup lines to ensure that server is running smoothly) server startup: ----------------- 06/Feb/2002 10:29:06 09923] [info] Init: Configuring server emedia.se:443 for SSL protocol [06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1) [06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP] [06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring RSA server certificate [06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring RSA server private key [06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring server certificate chain (1 CA certificate) ------------- Lynx browser: ---------------- [06/Feb/2002 10:29:41 09924] [info] Connection to child 0 established (server emedia.se:443, client 212.107.xx.xx) [06/Feb/2002 10:29:41 09924] [info] Seeding PRNG with 23177 bytes of entropy [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Handshake: start [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: before/accept initialization [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 read client hello A [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write server hello A [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write certificate A [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write key exchange A [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write server done A [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 flush data [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 read client key exchange A [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 read finished A [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 write change cipher spec A [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 write finished A [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 flush data [06/Feb/2002 10:29:42 09924] [trace] Inter-Process Session Cache: request=SET status=OK id=6ACADD8B778A6BFFDF0E22CCC0023F4B080C297422FA989923FC36348E3FFD83 timeout=599s (session caching) [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Handshake: done [06/Feb/2002 10:29:42 09924] [info] Connection: Client IP: 212.107.xx.xx, Protocol: TLSv1, Cipher: EDH-RSA-DES-CBC3-SHA (168/168 bits) [06/Feb/2002 10:29:42 09924] [info] Initial (No.1) HTTPS request received for child 0 (server emedia.se:443) [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Write: SSL negotiation finished successfully [06/Feb/2002 10:29:42 09924] [info] Connection to child 0 closed with standard shutdown (server emedia.se:443, client 212.107.xx.xx) -------------- Now with IE --------------- Connection to child 1 established (server emedia.se:443, client 212.107.xx.xx) [06/Feb/2002 10:32:37 09925] [info] Seeding PRNG with 23177 bytes of entropy [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Handshake: start [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: before/accept initialization [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 read client hello A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write server hello A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write certificate A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write server done A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 flush data [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 read client key exchange A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 read finished A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write change cipher spec A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write finished A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 flush data [06/Feb/2002 10:32:37 09925] [trace] Inter-Process Session Cache: request=SET st atus=OK id=C52B666B384B0E4DD7F0BDB6D6F8E8118E3AA5748DF993A553C4CC4E2FB86606 timeout=600s (session caching) [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Handshake: done [06/Feb/2002 10:32:37 09925] [info] Connection: Client IP: 212.107.xx.xx, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits) [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Write: SSL negotiation finished successfully [06/Feb/2002 10:32:37 09925] [info] Connection to child 1 closed with standard shutdown (server emedia.se:443, client 212.107.xx.xx) ---------- Best regards, Thomas. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
