IE problems with SSL handshake

Thu, 15 Feb 2001 12:32:56 -0800

Greetings
 
    A few weeks ago I began to look at possibilities into implementing
SSL into a webserver I work with.  I began by looking at numerous examples
(as well as ordering the SSL/TLS book I have heard so much about, but it
still has not arrived), and after a lot of playing around I am able to establish an SSLv23 handshake.
 
I am able to establish a handshake w/ OpenSSL's 's_client' using the -ssl3 paremeter
along with -state -debug -showcerts for debugging information.  no errors.  certificate
information comes up and it seems all bytes were written and read correctly.
 
so, it came time to load up an HTTPS client and try it out.  The first thing I did
was load up IE and try to pull up the page (note, right now that the handshake is
the only thing that is functional, it won't actually load up a page.)
 
IE was not able to load up the certificate information, and a warning box came up and said
'ssl protocol error' or something along those lines.  Other versions of IE didn't even
give an error, but rather just a 'page cannot be displayed'.
 
Devestated (heh), I began to dig through the openssl-users archives to see what the problem
could be.  I came across a message about 'problems with IE but netscape can load it..'
it was a message regarding mod_ssl with apache (and just explained some paremeters you can
pass inside httpd.conf to fix those issues) so not much said in the message was useful to me.
HOWEVER i was able to load the URL and establish an ssl connection w/ Netscape 4.7 and Netscape 6.
It brought up the pretty certificate window and asked if i wanted to accept it / displayed the information
correctly. 
 
My question is:  whats the deal with IE? what do I need to do to fix these kind of issues?
 
a few notes:
    I'm using SSL_set_fd() on a blocking file descriptor for the socket.
 
    I am doing error checking on SSL_accept() and it seems once in a while (only in IE)
    I will get an "SSL_ERROR_SSL" from SSL_get_error().
 
    I thought about braving through the mod_ssl code to see what I could come up with
    but i thought I would check here first and see if you guys had any pointers.
 
 
Thanks in advance,
 
    Joshua C. Bergeron
 

Reply via email to