Hi,

Have you found anything more on that subject?
I am interested in the result of your research.
We have 4 web servers behind a load balancer, and we receive around 200
such messages a day.
And we have no clue where it is coming from, and how to fix it.

Gilles

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Heribert Steuer
> Sent: Friday, May 17, 2002 7:04 AM
> To: [EMAIL PROTECTED]
> Subject: RE: handshake problem with IE
> 
> 
> Dear B. Courtin,
> 
> All the webservers run in local networks and don't pass any other
> machines (like proxies or load balancers).
> The logs show the correct IP of the clients.
> When running non-SSL connections the error doesn't occur at all (same
> machine, same pages, same client).
> I also never discovered this problem using NS4.x.
> So I'm quite sure it's an IE problem. It's known that IE is quite crappy
> with https, but there must be a way to solve this.
> Keepalive is turned off for the whole server. So that cannot be the
> problem.
> For completeness I attached the virtualhost config section of the
> httpd.conf.
> Any other ideas?
> 
> Regards,
> Heribert Steuer
> 
> 
> --SNIP!--
> 
> <VirtualHost _default_:443>
>   # resolved by internal dns
>   ServerName    oms.freiburg.peh
> 
>   SSLEngine on
>   SSLCertificateFile conf/ssl.crt/server.crt
>   SSLCertificateKeyFile conf/ssl.key/server.key
>   <Files ~ "\.(cgi|shtml)$">
>         SSLOptions +StdEnvVars
>   </Files>
> 
> 
> 
>   DocumentRoot  /webroot/peh.internal.net/htdocs
>   ServerAdmin   [EMAIL PROTECTED]
>   ScriptAlias   /cgi-bin/ /webroot/peh.internal.net/cgi-bin/
>   ScriptAlias   /perl-bin/ /webroot/peh.internal.net/perl-bin/
>   LogFormat "%V %h %l %u %t \"%r\" %s %b" vcommon
>   CustomLog /webroot/peh.internal.net/logs/access_log vcommon
>   ErrorLog  /webroot/peh.internal.net/logs/error_log
> 
>   SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
>   <Directory /webroot/peh.internal.net>
>     Options FollowSymLinks
>     AllowOverride All
>     SetEnvIf User-Agent ".*MSIE.*" \
>              nokeepalive ssl-unclean-shutdown \
>              downgrade-1.0 force-response-1.0
> 
>   </Directory>
>   <Location /perl-bin>
>     SetHandler perl-script
>     PerlHandler Apache::Registry
>     PerlSendHeader On
>     Options ExecCGI
>   </Location>
> 
> 
>   # Unauthorized
>   ErrorDocument 401 /error_html/401.html
>   # Payment Required
>   ErrorDocument 402 /error_html/402.html
>   # Forbidden
>   ErrorDocument 403 /error_html/403.html
>   # Not Found
>   ErrorDocument 404 /error_html/404.html
>   # Internal Server Error
>   ErrorDocument 500 /error_html/500.html
> 
> 
> 
> 
> </VirtualHost>
> 
> 
> --SNIP!--
> 
> 
> 
> ----Original Message----
> 
> Hi Heribert,
> 
>          Are you sure these errors are caused by access/communication with the
>          Microsoft Internet Explorer 6.0.2600.000? Do they only occur when the
>          webserver is accessed by a browser (i.e. MS IE6) or on a regular basis:
>          are you sure your web-servers are not behind any kind of load balancer
>          which is sending "pings" or "keepalive" requests to your webserver?
> 
>          Kind regards,
>          B. Courtin
> 
> 
> 
>          -----Original Message-----
>          From: Heribert Steuer [mailto:[EMAIL PROTECTED]]
>          Sent: Thursday, May 16, 2002 7:12 PM
>          To: [EMAIL PROTECTED]
>          Subject: handshake problem with IE
> 
> 
>          Hello everybody,
> 
>          I was already reading the posts on this issue, but all suggested tips
>          didn't help at all.
>          Server is Apache (see version numbers below) running on OpenBSD 3.0stable.
>          Client is Microsoft Internet Explorer 6.0.2600.000 with 128bit encryption.
> 
> 
>          the logs say the following  (at least they are full of it):
> 
>          [Thu May 16 18:52:12 2002] [error] mod_ssl: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows)
>          [Thu May 16 18:52:12 2002] [error] System: Connection reset by peer (errno: 54)
> 
> 
>          ssl_engine_log is :
> 
>          [16/May/2002 18:52:13 06053] [info]  Connection to child 0 established (server cyrus.freiburg.peh:443, client 192.168.30.30)
>          [16/May/2002 18:52:13 06053] [info]  Seeding PRNG with 1160 bytes of entropy
>          [16/May/2002 18:52:13 06053] [trace] OpenSSL: Handshake: start
>          [16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: before/accept initialization
>          [16/May/2002 18:52:13 06053] [debug] OpenSSL: read 11/11 bytes from BIO#00A259C0 [mem: 00CCE000] (BIO dump follows)
>          [...]
>          [16/May/2002 18:52:13 06053] [debug] OpenSSL: read 67/67 bytes from BIO#00A259C0 [mem: 00CCE00B] (BIO dump follows)
>          [...]
>          [16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: SSLv3 read client hello A
>          [16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: SSLv3 write server hello A
>          [16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: SSLv3 write certificate A
>          [16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: SSLv3 write server done A
>          [16/May/2002 18:52:13 06053] [debug] OpenSSL: write 762/762 bytes to BIO#00A259C0 [mem: 00CA3000] (BIO dump follows)
>          [...]
>          [16/May/2002 18:52:13 06053] [trace] OpenSSL: Loop: SSLv3 flush data
>          [16/May/2002 18:52:13 06053] [debug] OpenSSL: I/O error, 5 bytes expected to read on BIO#00A259C0 [mem: 00CCE000]
>          [16/May/2002 18:52:13 06053] [trace] OpenSSL: Exit: error in SSLv3 read client certificate A
>          [16/May/2002 18:52:13 06053] [trace] OpenSSL: Exit: error in SSLv3 read client certificate A
>          [16/May/2002 18:52:13 06053] [error] SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows)
>          [16/May/2002 18:52:13 06053] [error] System: Connection reset by peer (errno: 54)
> 
> 
> 
>          OpenSSL 0.9.6b [engine] 9 Jul 2001
>          mod_ssl version 2.8
>          mod_perl-1.26
> 
>          Server version: Apache/1.3.19 (Unix)
>          Server built:   Oct 15 2001 11:48:41
>          Server's Module Magic Number: 19990320:10
>          Server compiled with....
>           -D EAPI
>           -D HAVE_MMAP
>           -D HAVE_SHMGET
>           -D USE_MMAP_SCOREBOARD
>           -D USE_MMAP_FILES
>           -D USE_FLOCK_SERIALIZED_ACCEPT
>           -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
>           -D HTTPD_ROOT="/var/www"
>           -D SUEXEC_BIN="/usr/sbin/suexec"
>           -D DEFAULT_PIDLOG="logs/httpd.pid"
>           -D DEFAULT_SCOREBOARD="logs/httpd.scoreboard"
>           -D DEFAULT_LOCKFILE="logs/httpd.lock"
>           -D DEFAULT_XFERLOG="logs/access_log"
>           -D DEFAULT_ERRORLOG="logs/error_log"
>           -D TYPES_CONFIG_FILE="conf/mime.types"
>           -D SERVER_CONFIG_FILE="conf/httpd.conf"
>           -D ACCESS_CONFIG_FILE="conf/access.conf"
>           -D RESOURCE_CONFIG_FILE="conf/srm.conf"
> 
> 
>          If there's a need for more details, just let me know. This problem occurs
>          on 3 different machines
>          (all running OpenBSD with different versions of apache/mod_ssl).
> 
>          I hope someone can help.
> 
> 
>          thanks in advance
> 
>          Heribert Steuer
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]
> 
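
To see where interrupted handshakes like those in the thread originate (for instance a load balancer probe, as raised in one reply), the ssl_engine_log entries can be correlated by child PID. This is an added example, not code from the posters or from mod_ssl; the sample log is constructed in the format quoted above, and the function name is hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the ssl_engine_log format quoted in the thread;
# the second client address and the successful handshake are made up.
SAMPLE_LOG = """\
[16/May/2002 18:52:13 06053] [info]  Connection to child 0 established (server cyrus.freiburg.peh:443, client 192.168.30.30)
[16/May/2002 18:52:13 06053] [trace] OpenSSL: Handshake: start
[16/May/2002 18:52:13 06053] [error] SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows)
[16/May/2002 18:52:13 06053] [error] System: Connection reset by peer (errno: 54)
[16/May/2002 18:52:20 06054] [info]  Connection to child 1 established (server cyrus.freiburg.peh:443, client 192.168.30.41)
[16/May/2002 18:52:20 06054] [trace] OpenSSL: Handshake: done
[16/May/2002 18:52:25 06053] [info]  Connection to child 0 established (server cyrus.freiburg.peh:443, client 192.168.30.30)
[16/May/2002 18:52:25 06053] [error] SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows)
"""

# "[date time PID] [level] message"; the PID identifies the Apache child.
LINE = re.compile(r"^\[[^\]]* (\d+)\] \[(\w+)\]\s+(.*)$")
CONNECT = re.compile(r"Connection to child \d+ established \(server \S+, client ([^)\s]+)\)")

def interrupted_by_client(log_text):
    """Return {client: (interrupted, connections)} from ssl_engine_log text.

    The error line carries no address, so the client is taken from the last
    'Connection to child' line written by the same PID. Assumes the Apache 1.3
    process model, where a child serves one connection at a time.
    """
    current = {}         # PID -> client of the connection in progress
    total = Counter()    # client -> connections accepted
    failed = Counter()   # client -> handshakes interrupted
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue     # BIO dumps, "[...]" markers, wrapped fragments
        pid, level, msg = m.groups()
        conn = CONNECT.search(msg)
        if conn:
            current[pid] = conn.group(1)
            total[conn.group(1)] += 1
        elif level == "error" and "SSL handshake interrupted" in msg:
            failed[current.pop(pid, "unknown")] += 1
    return {c: (failed[c], total[c]) for c in set(total) | set(failed)}

if __name__ == "__main__":
    for client, (bad, seen) in sorted(interrupted_by_client(SAMPLE_LOG).items()):
        print(f"{client}: {bad} interrupted of {seen} connections")
```

An address whose connections are interrupted every time, at regular intervals, points to an automated probe rather than a browser.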