Names have been changed to protect the innocent. Running on SunOS 5.8 Generic_108528-16 sun4u sparc SUNW,Ultra-250
I'm having problems with a PDF file which has a size of 1.4MB which I'm trying to view over a SSL connection. When viewing the page with IE 5.5 I can't use the "Open file from its current location" option but I'm forced to use the "Save this file to disk" instead. When pressing OK it pops up with an error message like "not able to open this intranet site". When trying to view the same page in Netscape 4.7 it immediatly opens part of the PDF as an object. The problem here is that it looks like it only gets a part of the document before disconnecting. When I do the same with Opera ... lo and behold ... it works. Forgot to mention that when I shift-click in netscape it downloads the file without any problems. Here's a small part of the ssl_engine_log which pops up when I try the IE approach: [03/Oct/2002 14:50:42 11648] [info] Connection to child 4 established (server apache.duh.com:443, client 192.168.10.10) [03/Oct/2002 14:50:42 11648] [info] Seeding PRNG with 1160 bytes of entropy [03/Oct/2002 14:50:44 11648] [info] Connection: Client IP: 192.168.10.10, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits) [03/Oct/2002 14:50:44 11648] [info] Initial (No.1) HTTPS request received for child 4 (server apache.duh.com:443) [03/Oct/2002 14:50:51 11648] [info] Connection to child 4 closed with standard shutdown (server apache.duh.com:443, client 192.168.10.10) And from the same log when I try it through Netscape: [03/Oct/2002 15:07:47 11733] [info] Connection to child 3 established (server apache.duh.com:443, client 192.168.10.10) [03/Oct/2002 15:07:47 11733] [info] Seeding PRNG with 1160 bytes of entropy [03/Oct/2002 15:07:48 11733] [info] Connection: Client IP: 192.168.10.10, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits) [03/Oct/2002 15:07:48 11733] [info] Initial (No.1) HTTPS request received for child 3 (server apache.duh.com:443) [03/Oct/2002 15:07:48 11734] [info] Connection to child 4 established (server apache.duh.com:443, client 192.168.10.10) [03/Oct/2002 15:07:48 11734] [info] Seeding PRNG with 1160 bytes of entropy [03/Oct/2002 15:07:48 11733] [info] Connection to child 3 closed with standard shutdown (server apache.duh.com:443, client 192.168.10.10) [03/Oct/2002 15:07:48 11734] [info] Connection: Client IP: 192.168.10.10, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits) [03/Oct/2002 15:07:48 11734] [info] Initial (No.1) HTTPS request received for child 4 (server apache.duh.com:443) [03/Oct/2002 15:07:49 11734] [info] Connection to child 4 closed with standard shutdown (server apache.duh.com:443, client 192.168.10.10) And finally, when I use Opera: [07/Oct/2002 11:39:40 13859] [info] Connection to child 5 established (server apache.duh.com:443, client 192.168.10.10) [07/Oct/2002 11:39:40 13859] [info] Seeding PRNG with 1160 bytes of entropy [07/Oct/2002 11:39:40 13859] [info] Connection: Client IP: 192.168.10.10, Protocol: TLSv1, Cipher: RC4-SHA (128/128 bits) [07/Oct/2002 11:39:40 13859] [info] Initial (No.1) HTTPS request received for child 5 (server apache.duh.com:443) [07/Oct/2002 11:39:42 13859] [info] Connection to child 5 closed with standard shutdown (server apache.duh.com:443, client 192.168.10.10) As mentioned Apache has been compiled with mod_ssl and we're using OpenSSL lib 0.9.6g. Configure string looks like this: ./configure --with-apache=../httpd-1.3.26 for mod_ssl and Apache: SSL_BASE=/opt/SMCossl ./configure --prefix=/local/apache-1.3.26 --enable-module=proxy --enable-module =so --enable-module=ssl --enable-module=rewrite --enable-module=info Here's a small portion of the httpd.config: <IfDefine SSL> Listen 80 Listen 443 </IfDefine> <IfDefine SSL> AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl </IfDefine> <IfModule mod_proxy.c> ProxyRequests On ProxyPass /DUH/ http://apache-1.duh.com/ ProxyPassReverse /DUH/ http://apache-1.duh.com/ ProxyPass /bil/ http://apache-1.duh.com/bil/ </IfModule> <IfModule mod_ssl.c> SSLPassPhraseDialog builtin SSLSessionCache dbm:/local/apache-1.3.26/logs/ssl_scache SSLSessionCacheTimeout 300 SSLMutex file:/local/apache-1.3.26/logs/ssl_mutex SSLRandomSeed startup builtin SSLRandomSeed connect builtin SSLLog /local/apache-1.3.26/logs/ssl_engine_log SSLLogLevel trace </IfModule> <IfDefine SSL> <VirtualHost _default_:443> DocumentRoot "/local/apache-1.3.26/htdocs" ServerName apache.duh.com ServerAdmin [EMAIL PROTECTED] ErrorLog /local/apache-1.3.26/logs/error_log TransferLog /local/apache-1.3.26/logs/access_log SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /local/apache-1.3.26/conf/ssl.crt/server.cert SSLCertificateKeyFile /local/apache-1.3.26/conf/ssl.key/server.key SSLVerifyClient none SSLVerifyDepth 5 <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> <Directory "/local/apache-1.3.26/cgi-bin"> SSLOptions +StdEnvVars </Directory> SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog /local/apache-1.3.26/logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost> </IfDefine> Anything else which is needed here ? Now, I've tried to find solutions to this here problem for some time now. I've RTFM, I've read the FAQ, I've read miscellaneous postings here and there outlining possible solutions to this problem (I guess its not just related to PDF files??) and I've tried to add a few settings here and there to the config without any success. When I'm using the HTTP instead of HTTPS I have no trouble at all getting the document from any browser so my thoughts is that it is mod_ssl which is the problem (or browsers). Anyone ? Regards Jens-Harald Johansen The wisest man I ever knew taught me something I never forgot. Although I never forgot it, I never quite memorized it, either. So what I am left with is the memory of having learned something very wise that I can't quite remember. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
