Re: Apache 2.0 + mod_ssl problems with IE6 on XP (no SP2)
Hi Mark,

Did you try Google http://www.google.com/search?q=Starfield+cert+ie6?
I guess the root certificate causes the trouble.

Sven.

Mark Beiley wrote:

Hi Sven,

Thanks for the reply. I believe I have KeepAlive off for this browser. In my ssl.conf file I have:

SetEnvIf User-Agent .*MSIE.* \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0

Thanks,
Mark
http://www.beiley.com

Hi Mark,

Do you have KeepAlive on in your server config for this browser?

Sven.

Mark Beiley wrote:

Hello,

Several customers are not able to access my server via HTTPS. Their browser just sits there, and doesn't display anything. I've determined the common properties of these cases to be:

Windows XP (all of them without SP2)
Internet Explorer 6

I can see their requests show up fine in my log files, without errors. These customers can visit other HTTPS sites. My site works fine for the vast majority of people. I'm stumped on the next step to try and debug the problem. Any suggestions?

My server configuration: Apache 2.0.54 with mod_ssl and mod_deflate, running on Windows XP

For an example URL, try: https://www.beileysoftware.com/handy.html

Thanks,
Mark
http://www.beiley.com

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List   modssl-users@modssl.org
Automated List Manager   [EMAIL PROTECTED]

--
Sven Geisler [EMAIL PROTECTED] Tel +49.30.921017.81 Fax .50
Senior Developer, AEC/communications GmbH Co. KG Berlin, Germany
Re: MSIE Patch level
Hi Mario,

I did some changes to the config related to M$IE 6.0. I increased the KeepAliveTimeout to 360. I removed the general rule for M$IE and SSL and set it to

SetEnvIf User-Agent .*MSIE.* ssl-unclean-shutdown
SetEnvIf User-Agent .*MSIE 5.*ssl-unclean-shutdown nokeepalive downgrade-1.0 force-response-1.0

It is only for https pages (SSLEngine on). The rest is mostly default. This is all to enable keepalive and HTTP/1.1 for M$IE 6.0. I didn't pay attention to M$IE 5.0 because my customer didn't use this once. I hope this helps you.

Regards
Sven.

On Tue, 13.07.2004 at 00:30, Mario Ottone wrote:

Hi to all,

I've a problem apparently imputable to MS Internet Explorer. I run an Apache 1.3.22 with modssl 2.8.5 and openssl 0.9.6i. The connection is established on a standard https with SSLVerifyClient require option. All works fine if I use mozilla (ver. 1.5 and later), but when I use IE the connection is established correctly only when I install some patch. My experience on this problem is that only combinations of O.S. version, O.S. service pack, IE version, IE service pack and IE patch work correctly and other combinations don't work.

Does anybody know other valid combinations of such pieces of software that work properly? Does anybody know if modssl and openssl have some glitch or bug that causes that problem?

TIA for the time you want to dedicate to this issue.

Working combinations:

Win XP Pro SP1    IE 6.0.2800.1106: SP1; Q832894
Win 2k Pro SP4    IE 6.0.2800.1106: SP1; Q832894
Win 2k Pro SP2    IE 6.0.2800.1106: SP1
Win 2k Pro SP2    IE 5.50.4807.2300: SP1; Q832894
Win 2k Pro        IE 6.0.2800.1106: SP1; Q832894 or IE 5.00.2195: SP2; SRP1; Q329115; Q323172
Re: AW: T-Online software 5.0
Hi Michael,

Sometimes the solution is simple. You're probably right. I fixed the .conf.

Thx
Sven.

On Mon, 24.05.2004 at 15:03, Michael Pfannkuchen wrote:

Hello Sven,

these client-related problems are strange sometimes : I remember a problem, where MSIE browsers crashed when using Javascript to load pictures over a SSL-connection ...

But to your problem: I'd start to play with the following setting in your ssl.conf:

SetEnvIf User-Agent .*MSIE. 5.*ssl-unclean-shutdown nokeepalive

Maybe there is only a '' missed before the RegEx ...

Good luck :
michael

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Sven Geisler
Sent: Wednesday, 19 May 2004 17:07
To: [EMAIL PROTECTED]
Subject: T-Online software 5.0

Hi,

I upgraded from RedHat 7.3 to RedHat Enterprise Linux 3.0 with httpd-2.0.46-32.ent.rpm and mod_ssl-2.0.46-32.ent.rpm. Users with T-Online software 5.0 can't use https since this update. Http works fine for these users. I used the standard rpm from RedHat 7.3 before.

The browser string of the T-Online software: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; DT)

Does anyone have an idea?

Sven.

My ssl config:

SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex file:logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile conf/ssl.crt/...
SSLCertificateKeyFile conf/ssl.key/...
SetEnvIf User-Agent .*MSIE.* ssl-unclean-shutdown
SetEnvIf User-Agent .*MSIE. 5.*ssl-unclean-shutdown nokeepalive downgrade-1.0 force-response-1.0
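Added example, not part of the original messages: a small Python model of how a SetEnvIf line is split into attribute, regex and variables, showing why an unquoted pattern containing a space changes which browsers get nokeepalive. The quoted directive is an assumed intended form, the IE6 User-Agent is a constructed sample, and shlex only approximates Apache's argument splitting.

```python
import re
import shlex

# Directive as posted in the thread: the regex is unquoted, so the space splits it.
AS_POSTED = ("SetEnvIf User-Agent .*MSIE. 5.*ssl-unclean-shutdown "
             "nokeepalive downgrade-1.0 force-response-1.0")
# Assumed intended form: the pattern is quoted and reaches SetEnvIf as one argument.
QUOTED = ('SetEnvIf User-Agent ".*MSIE 5.*" ssl-unclean-shutdown '
          "nokeepalive downgrade-1.0 force-response-1.0")

T_ONLINE_UA = "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; DT)"  # from the thread
IE6_UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"  # constructed sample


def parse_setenvif(line):
    """Split a SetEnvIf directive into (attribute, regex, variables).

    Approximation: arguments are separated by whitespace unless quoted.
    """
    words = shlex.split(line)
    if len(words) < 4 or words[0].lower() != "setenvif":
        raise ValueError("expected: SetEnvIf attribute regex variable ...")
    return words[1], words[2], words[3:]


def variables_set(line, user_agent):
    """Return the variables the directive would set for this User-Agent.

    Python's re stands in for the server's regex engine; these simple
    patterns behave the same in both.
    """
    _attribute, regex, variables = parse_setenvif(line)
    return variables if re.search(regex, user_agent) else []


if __name__ == "__main__":
    for name, directive in (("as posted", AS_POSTED), ("quoted", QUOTED)):
        _attr, regex, _vars = parse_setenvif(directive)
        print(f"{name}: regex = {regex!r}")
        for ua in (T_ONLINE_UA, IE6_UA):
            print(f"  {ua}\n    -> {variables_set(directive, ua)}")
```

In the as-posted form the regex is only `.*MSIE.`, so every MSIE client gets nokeepalive and the HTTP/1.0 downgrade, and the first variable name is the stray token `5.*ssl-unclean-shutdown` rather than ssl-unclean-shutdown.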
T-Online software 5.0
Hi,

I upgraded from RedHat 7.3 to RedHat Enterprise Linux 3.0 with httpd-2.0.46-32.ent.rpm and mod_ssl-2.0.46-32.ent.rpm. Users with T-Online software 5.0 can't use https since this update. Http works fine for these users. I used the standard rpm from RedHat 7.3 before.

The browser string of the T-Online software: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; DT)

Does anyone have an idea?

Sven.

My ssl config:

SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex file:logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile conf/ssl.crt/...
SSLCertificateKeyFile conf/ssl.key/...
SetEnvIf User-Agent .*MSIE.* ssl-unclean-shutdown
SetEnvIf User-Agent .*MSIE. 5.*ssl-unclean-shutdown nokeepalive downgrade-1.0 force-response-1.0
Re: T-Online software 5.0
Hi Joe,

I have LogLevel warn in httpd.conf. The error log hasn't any error for these users.

Thx
Sven.

On Wed, 19.05.2004 at 17:25, Joe Orton wrote:

On Wed, May 19, 2004 at 05:06:51PM +0200, Sven Geisler wrote:

Hi,

I upgraded from RedHat 7.3 to RedHat Enterprise Linux 3.0 with httpd-2.0.46-32.ent.rpm and mod_ssl-2.0.46-32.ent.rpm. Users with T-Online software 5.0 can't use https since this update. Http works fine for these users. I used the standard rpm from RedHat 7.3 before.

Try adding LogLevel info to the SSL vhost config: what errors do you get in the ssl_error_log when such users connect?

joe
Re: Https problems with MSIE
Hi Torvald,

You can find a tip regarding the MSIE issue at http://www.modssl.org/docs/2.8/ssl_faq.html#ToC49.

I also discovered that the newest MSIE has more trouble with mod_ssl than other browsers. We saw that a MS Proxy Server (or MS ISA Server) with enabled authentication using NTLM increases the issue.

We use another way to resolve the MSIE keepalive issue. We have set up a KeepaliveTimeout of 120 seconds. The apache server may need more memory resources because there are more open apache processes to cope with the longer timeout.

Regards,
Sven.

On Thu, 2003-09-25 at 08.18, Torvald Baade Bringsvor wrote:

Hello.

We have a user with MSIE 6.00.2800.1106 who is unable to connect to one of the sites we are hosting (https://www.lindorffd.com). He is using Windows 2000 SP3. Have any of you had problems with MSIE 6.0 browsers? I have seen suggestions to disable SSLv3, but wouldn't that adversely affect other users? Any suggestions are welcome.

-Torvald

--
Sven Geisler [EMAIL PROTECTED] AEC/communications GmbH
RE: Https problems with MSIE
On Thu, 2003-09-25 at 10.24, Torvald Baade Bringsvor wrote:

You can find a tip regarding the MSIE issue at http://www.modssl.org/docs/2.8/ssl_faq.html#ToC49.

--I have already done this, to get MSIE 5.0 browsers to work.

I also discovered that the newest MSIE has more trouble with mod_ssl than other browsers. We saw that a MS Proxy Server (or MS ISA Server) with enabled authentication using NTLM increases the issue. We use another way to resolve the MSIE keepalive issue. We have set up a KeepaliveTimeout of 120 seconds. The apache server may need more memory resources because there are more open apache processes to cope with the longer timeout.

--Hmmm... but the FAQ mentioned the nokeepalive option, wouldn't that cancel the KeepAliveTimeout??

Yup. But did you activate nokeepalive for MSIE as described in the FAQ? We activate the Keepalive feature for all MSIE against the FAQ to provide a better-performing connection.

Sven.

-Torvald

--
Sven Geisler [EMAIL PROTECTED] AEC/communications GmbH