Hi, I'm experiencing weird problems with MSIE clients accessing pages on a Apache 1.3.26+mod_ssl-2.8.9 server (Debian Woody with current updates) with client verification turned on. I created and signed CA certificate, then created and signed server and several clients' certificates. On every client workstation, I imported the proper client certificate into MSIE. In Apache config I enabled mod_ssl and set "verify client required" for Document Root directory, and put the "magic" SetEnviF stuff (unclean-shutdown, downgrade-1.0 and so on) as recommended in FAQ.
Everything seemed to work just fine, but users started report absence of some pages' elements. Further investigation showed, that for some unknown reasons, the MSIE doesn't load all of the page components. I've created simply test.html: <html> <body> <img src="test1.gif"><img src="test2.gif"><img src="test2.gif"> <img src="test1.gif"><img src="test2.gif"><img src="test2.gif"> (some more repetition of above line) </body> </html> put it into DocumentRoot and requested it from the MSIE. Randomly choosen pictures did not come up, and MSIE showed well-known red X sign for them. Then I refreshed the page, and some of the pictures became visible, but the other were replaced with X sign. I restarted the browser, then the workstation, then tried it on another couple of workstations with no success. I've following statements so far: * the problem exists in all version of MSIE I've installed: Win95+IE 5.5 SP2; Win98+IE 6.0, Win98+IE 6.0 SP1; WinXP+IE 6.0, WinXP+IE 6.0 SP1; EXCEPT W2000+IE6.0, which works just perfect * on WinXP IE often crashed completely (kindly offering to send a report to MS for analysis) * I could reproduce the problem on another Debian machine, and also on full-patched RedHat 7.0 * turning off the client verification in mod_ssl solves the problem completely (but I can't do this) * slowing the link (with CBQ) to as low as 64kbps also solves the problem (got to throw away all 100Mbit cards ;))) * inserting stunnel between MSIE and Apache, either at the Apache side (turning of mod_ssl) or at the workstation side (no https in MSIE) solves the problem * and last, but not least, Mozilla and Opera works perfect (tell me why I'm not surprised?) Did any of you observe anything similar to this? I searched the mailing list archive, news groups, but found near nothing. I also tried to play with SetEnvIf directive, and turning off the downgrade compatibility options clearly helped some WinXP+IE 6.0 SP1 workstations, but made things worse on rest of them. Thanks for your time, -- Marcin ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
