Dear B. Courtin,

All the webservers run in local networks and don't pass any other
machines (like proxies or load balancers).
The logs show the correct IP of the clients.
When running non-SSL connections the error doesn't occur at all (same
machine, same pages, same client).
I also never discovered this problem using NS4.x.
So I'm quite sure it's an IE problem. It's known that IE is quite crappy
with HTTPS, but there must be a way to solve this.
Keepalive is turned off for the whole server. So that cannot be the
problem.
For completeness I attached the virtualhost config section of the
httpd.conf.
Any other ideas?

Regards,
Heribert Steuer


--SNIP!--

<VirtualHost _default_:443>
  # resolved by internal dns
  ServerName    oms.freiburg.peh

  SSLEngine on
  SSLCertificateFile conf/ssl.crt/server.crt
  SSLCertificateKeyFile conf/ssl.key/server.key
  <Files ~ "\.(cgi|shtml)$">
        SSLOptions +StdEnvVars
  </Files>



  DocumentRoot  /webroot/peh.internal.net/htdocs
  ServerAdmin   [EMAIL PROTECTED]
  ScriptAlias   /cgi-bin/ /webroot/peh.internal.net/cgi-bin/
  ScriptAlias   /perl-bin/ /webroot/peh.internal.net/perl-bin/
  LogFormat "%V %h %l %u %t \"%r\" %s %b" vcommon
  CustomLog /webroot/peh.internal.net/logs/access_log vcommon
  ErrorLog  /webroot/peh.internal.net/logs/error_log

  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
  <Directory /webroot/peh.internal.net>
    Options FollowSymLinks
    AllowOverride All
    SetEnvIf User-Agent ".*MSIE.*" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0

  </Directory>
  <Location /perl-bin>
    SetHandler perl-script
    PerlHandler Apache::Registry
    PerlSendHeader On
    Options ExecCGI
  </Location>


  # Unauthorized
  ErrorDocument 401 /error_html/401.html
  # Payment Required
  ErrorDocument 402 /error_html/402.html
  # Forbidden
  ErrorDocument 403 /error_html/403.html
  # Not Found
  ErrorDocument 404 /error_html/404.html
  # Internal Server Error
  ErrorDocument 500 /error_html/500.html




</VirtualHost>


--SNIP!--



----Original Message----

Hi Heribert,

         are you sure these errors are caused by access/communication
         with the Microsoft Internet Explorer 6.0.2600.000? Do they only
         occur when the webserver is accessed by a browser (i.e. MS IE6)
         or on a regular basis: are you sure your web-servers are not
         behind any kind of load balancer which is sending "pings" or
         "keepalive" requests to your webserver?

         Kind regards,
         B. Courtin



         -----Original Message-----
         From: Heribert Steuer [mailto:[EMAIL PROTECTED]]
         Sent: Thursday, May 16, 2002 7:12 PM
         To: [EMAIL PROTECTED]
         Subject: handshake problem with IE


         Hello everybody,

         I was already reading the posts on this issue, but all
         suggested tips didn't help at all.
         Server is Apache (see version numbers below) running on OpenBSD
         3.0stable.
         Client is Microsoft Internet Explorer 6.0.2600.000 with 128bit
         encryption.


         the logs say the following  (at least they are full of it):

         [Thu May 16 18:52:12 2002] [error] mod_ssl: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows)
         [Thu May 16 18:52:12 2002] [error] System: Connection reset by peer (errno: 54)


         ssl_engine_log is :

         [16/May/2002 18:52:13 06053] [info]  Connection to child 0 established (server cyrus.freiburg.peh:443, client 192.168.30.30)
         [16/May/2002 18:52:13 06053] [info]  Seeding PRNG with 1160 bytes of entropy
         [16/May/2002 18:52:13 06053] [trace] OpenSSL: Handshake: start
         [16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: before/accept initialization
         [16/May/2002 18:52:13 06053] [debug] OpenSSL: read 11/11 bytes from BIO#00A259C0 [mem: 00CCE000] (BIO dump follows)
         [...]
         [16/May/2002 18:52:13 06053] [debug] OpenSSL: read 67/67 bytes from BIO#00A259C0 [mem: 00CCE00B] (BIO dump follows)
         [...]
         [16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: SSLv3 read client hello A
         [16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: SSLv3 write server hello A
         [16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: SSLv3 write certificate A
         [16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: SSLv3 write server done A
         [16/May/2002 18:52:13 06053] [debug] OpenSSL: write 762/762 bytes to BIO#00A259C0 [mem: 00CA3000] (BIO dump follows)
         [...]
         [16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: SSLv3 flush data
         [16/May/2002 18:52:13 06053] [debug] OpenSSL: I/O error, 5 bytes expected to read on BIO#00A259C0 [mem: 00CCE000]
         [16/May/2002 18:52:13 06053] [trace] OpenSSL: Exit: error in SSLv3 read client certificate A
         [16/May/2002 18:52:13 06053] [trace] OpenSSL: Exit: error in SSLv3 read client certificate A
         [16/May/2002 18:52:13 06053] [error] SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows)
         [16/May/2002 18:52:13 06053] [error] System: Connection reset by peer (errno: 54)



         OpenSSL 0.9.6b [engine] 9 Jul 2001
         mod_ssl version 2.8
         mod_perl-1.26

         Server version: Apache/1.3.19 (Unix)
         Server built:   Oct 15 2001 11:48:41
         Server's Module Magic Number: 19990320:10
         Server compiled with....
          -D EAPI
          -D HAVE_MMAP
          -D HAVE_SHMGET
          -D USE_MMAP_SCOREBOARD
          -D USE_MMAP_FILES
          -D USE_FLOCK_SERIALIZED_ACCEPT
          -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
          -D HTTPD_ROOT="/var/www"
          -D SUEXEC_BIN="/usr/sbin/suexec"
          -D DEFAULT_PIDLOG="logs/httpd.pid"
          -D DEFAULT_SCOREBOARD="logs/httpd.scoreboard"
          -D DEFAULT_LOCKFILE="logs/httpd.lock"
          -D DEFAULT_XFERLOG="logs/access_log"
          -D DEFAULT_ERRORLOG="logs/error_log"
          -D TYPES_CONFIG_FILE="conf/mime.types"
          -D SERVER_CONFIG_FILE="conf/httpd.conf"
          -D ACCESS_CONFIG_FILE="conf/access.conf"
          -D RESOURCE_CONFIG_FILE="conf/srm.conf"


         If there's a need for more details, just let me know. This
         problem occurs on 3 different machines
         (all running OpenBSD with different versions of Apache/mod_ssl).

         I hope someone can help.


         thanks in advance

         Heribert Steuer
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
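
The handshake aborts shown in the ssl_engine_log excerpt of this thread can be extracted from a full log and grouped by client and by the state in which the server was waiting. The Python script below is an added example, not part of the original messages; the function names are hypothetical, and the sample embeds unwrapped lines from the excerpt plus one constructed connection (pid 06054) that completes.

```python
import re
from collections import Counter

# Constructed sample: pid 06053 repeats the aborted handshake from the thread's
# ssl_engine_log (lines unwrapped); pid 06054 is an invented completed handshake.
SAMPLE = """\
[16/May/2002 18:52:13 06053] [info]  Connection to child 0 established (server cyrus.freiburg.peh:443, client 192.168.30.30)
[16/May/2002 18:52:13 06053] [trace] OpenSSL: Handshake: start
[16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: SSLv3 read client hello A
[16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: SSLv3 write server done A
[16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: SSLv3 flush data
[16/May/2002 18:52:13 06053] [trace] OpenSSL: Exit: error in SSLv3 read client certificate A
[16/May/2002 18:52:13 06053] [error] System: Connection reset by peer (errno: 54)
[16/May/2002 18:52:14 06054] [info]  Connection to child 1 established (server cyrus.freiburg.peh:443, client 192.168.30.31)
[16/May/2002 18:52:14 06054] [trace] OpenSSL: Handshake: start
[16/May/2002 18:52:14 06054] [trace] OpenSSL: Loop: SSLv3 read finished A
[16/May/2002 18:52:14 06054] [trace] OpenSSL: Handshake: done
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+?) (?P<pid>\d+)\] \[(?P<level>\w+)\]\s+(?P<msg>.*)$")
CLIENT = re.compile(r"Connection to child \d+ established \(server \S+, client (\S+)\)")

def aborted_handshakes(log_text):
    """Return one dict per handshake that ended in a system error."""
    state, aborted = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # BIO dumps and wrapped fragments are skipped
        pid, msg = m["pid"], m["msg"]
        conn = state.setdefault(pid, {"client": None, "last_ok": None, "failed_in": None})
        if (c := CLIENT.search(msg)):  # new connection handled by this httpd child
            state[pid] = conn = {"client": c.group(1), "last_ok": None, "failed_in": None}
        elif msg.startswith("OpenSSL: Loop: "):
            conn["last_ok"] = msg[len("OpenSSL: Loop: "):]
        elif msg.startswith("OpenSSL: Exit: error in "):
            conn["failed_in"] = msg[len("OpenSSL: Exit: error in "):]
        elif m["level"] == "error" and msg.startswith("System: "):
            aborted.append({"time": m["ts"], "pid": pid, "reason": msg[len("System: "):], **conn})
    return aborted

def summarize(aborted):
    """Count aborts per (client, state the server was waiting in)."""
    return Counter((a["client"], a["failed_in"]) for a in aborted)

if __name__ == "__main__":
    for (client, st), n in summarize(aborted_handshakes(SAMPLE)).items():
        print(f"{client}: {n} reset(s) while server waited in '{st}'")
```

On the thread's excerpt this reports the reset arriving after the server's hello flight was flushed, while OpenSSL was waiting for the client's next handshake message.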
