My money is on a SSL session resume problem. Make sure your SSL session cache is configured correctly - one thing that really bites us all in the butt is that some MSIE versions get annoyed when it tries to resume a session in what it thinks is a reasonable amount of time and finds the server refuses to do it - to satisfy this requirement you need SSL sessions to be cached for long enough - try 10 minutes - and use ssldump to verify that sessions are actually being resumed. The point here is that according to the SSL/TLS spec it's alright for the server to refuse to resume a session, and most other browsers handle that bit correctly.
Christoph Gr�ver wrote: >Hi All. > > >We have also these "popular" MSIE SSL 3.0 Problems. > >The Problem as we have found it: > >We have the Apache Versions 1.3.19, 1.3.22, 1.3.23 with the mod_ssl >Versions 2.8.4 - 2.8.7 running on different systems. >No proxy, no Firewall in between, just plain LAN. > >We have tested all available browsers. The result is pretty obvious: > >All non-Microsoft browsers work flawlessly ( Netscape, Mozilla, konqueror, > galeon, wget, cURL etc. ) > >All MSIE's do not work (incl. 5.0, 5.5, 6.0x Versions). > >Not working means: They work most of the time, but now and then especially >if the webuser is a minute or more idle the next request gives the infamous >"page cannot be displayed, server or dns error" - blaming nonsense. > >Of course all standard MSIE workarounds are enabled. >Also I have found a document via Google with a list of especially >buggy implemented ciphers and have disabled them all. > >But to no avail. > > >Does anybody have any summary for any possible solution to these bugs. > >(Yes, I know the only real solution is to not use MSIE, but we cannot force >every user to use a real webbrowser). > >Thanks for your time. > > > > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
