MS IE 5.00 was a flawed release, that MS very quickly (4 weeks) replaced with 5.01, mainly for security reasons. You should be able to get any reasonable users (corporate or otherwise) to upgrade asap. MSIE 5.00 has some serious bugs when using SSL and cacheing, so you may be able to tweak all your users caching settings, and also to look at making your pages non-cacheable. I have to say though that in our experience with a group of 10 users of 5.00 it was far easier to get them to switch to Netscape until their 5.01 (in fact they went for 5.5) to arrive.
The more SSL connections that are used, the more likely that failures will occur - in downloading stylesheets, javascript, images etc, leading to odd bugs and ugly pages. The problems you describe with 5.01, I have seen when SSL keepalive settings were enabled on the web-server. The SSLKeepAlive settings were invented to speed up a clients access to your site, so that as subsequent requests for images, css, etc etc were made, the SSL negotiation overhead was short-circuited. Unfortunately the MS 5.xx browsers never quite got it right. We use Apache, and this is the setting in httpd.conf SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 You can check your SSL logs to see if the keepalive settings are active - it they are you will see an incrementing number associated with each request from the same user that indicates the SSL negotiation was short-cut, and that previously negotiated keys are being used. 'nokeepalive' is fractionally slower, but at least your users will not get the regular 'page cannot be found' issue. As to sharing Client Certs between IE and NS - we do this happily for NS 4.0-4.75 and MSIE 5.01-6.0 without any issues. Regards Jeff -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Louis Sabet Sent: 17 May 2002 13:29 To: [EMAIL PROTECTED] Subject: IE 5.00 - 5.01 SSL Connection Failures Hi List, I work for a mobile phone retail company in the UK - www.mobiles.co.uk Recently we discovered that several of our customers were unable to complete the secure portions of their orders. The only common factor with all these problems were that all customers were using IE 5.00 to IE 5.01. Under Internet Explorer they receive "Page Connot Be Found". With Netscape all works fine, and with all other recent Internet Explorer versions, a successful connection can be made. I found nothing useful on the Microsoft site other than this: http://support.microsoft.com/default.aspx?scid=kb;EN-US;q244302 It may be the root of the problem, but we cannot ask the 33% of our customers who use IE5 to patch their machines before accessing our site. It is obvious that MOST connections to https sites can be made from IE5, or it would have been better documented. I contacted Verisign to find out if there was a reason some certificates were useable with IE5, and others weren't, but I found their technical support to be quite useless. My last option is to ask you guys whether this could be a configuration issue - or whether there is some configuration tweak I can make to get around this problem for our IE5 users. Best regards, Louis -- Louis Sabet <[EMAIL PROTECTED]> http://www.webtedium.com/ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
