Https problems with MSIE
Hello. We have a user with MSIE 6.00.2800.1106 who is unable to connect to one of the sites we are hosting (https://www.lindorffd.com). He is using Windows 2000 SP3. Have any of you had problems with MSIE 6.0 browsers? I have seen suggestions to disable SSLv3, but wouldnt that adversely affect other users? Any suggestions are welcome. -Torvald __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Https problems with MSIE
Hi Torvald, You can find a tip regarding the MSIE issue at http://www.modssl.org/docs/2.8/ssl_faq.html#ToC49. I also discovered that the newest MSIE has more trouble with mod_ssl than other browsers. We saw that a MS Proxy Server (or MS ISA Server) with enabled authentification using NTLM increase the issue. We use the another way to resolve the MSIE keepalive issue. We have set up a KeepaliveTimeout of 120 seconds. The apache server may need more memory resources because there are more open apache processes to cope with the longer timeout. Regards, Sven. Am Don, 2003-09-25 um 08.18 schrieb Torvald Baade Bringsvor: Hello. We have a user with MSIE 6.00.2800.1106 who is unable to connect to one of the sites we are hosting (https://www.lindorffd.com). He is using Windows 2000 SP3. Have any of you had problems with MSIE 6.0 browsers? I have seen suggestions to disable SSLv3, but wouldnt that adversely affect other users? Any suggestions are welcome. -Torvald __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] -- Sven Geisler [EMAIL PROTECTED] AEC/communications GmbH __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Https problems with MSIE
-Original Message- From: Torvald Baade Bringsvor [mailto:[EMAIL PROTECTED] Sent: Donnerstag, 25. September 2003 08:19 To: '[EMAIL PROTECTED]' Subject: Https problems with MSIE Hello. We have a user with MSIE 6.00.2800.1106 who is unable to connect to one of the sites we are hosting (https://www.lindorffd.com). He is using Windows 2000 SP3. I have exactly the same version of browser (6.00.2800.1106) and can confirm I connected successfully about 3 minutes ago. Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. Have any of you had problems with MSIE 6.0 browsers? I have seen suggestions to disable SSLv3, but wouldnt that adversely affect other users? Any suggestions are welcome. -Torvald __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Swiss Exchange. This e-mail is of a private and personal nature. It is not related to the exchange or business activities of the SWX Swiss Exchange. Le présent e-mail est un message privé et personnel, sans rapport avec l'activité boursière de la SWX Swiss Exchange. This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Https problems with MSIE
You can find a tip regarding the MSIE issue at http://www.modssl.org/docs/2.8/ssl_faq.html#ToC49. --I have already done this, to get MSIE 5.0 browsers to work. I also discovered that the newest MSIE has more trouble with mod_ssl than other browsers. We saw that a MS Proxy Server (or MS ISA Server) with enabled authentification using NTLM increase the issue. We use the another way to resolve the MSIE keepalive issue. We have set up a KeepaliveTimeout of 120 seconds. The apache server may need more memory resources because there are more open apache processes to cope with the longer timeout. --Hmmm... but the FAQ mentioned the nokeepalive option, wouldnt that cancel the KeepAliveTimeout?? -Torvald __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Https problems with MSIE
Am Don, 2003-09-25 um 10.24 schrieb Torvald Baade Bringsvor: You can find a tip regarding the MSIE issue at http://www.modssl.org/docs/2.8/ssl_faq.html#ToC49. --I have already done this, to get MSIE 5.0 browsers to work. I also discovered that the newest MSIE has more trouble with mod_ssl than other browsers. We saw that a MS Proxy Server (or MS ISA Server) with enabled authentification using NTLM increase the issue. We use the another way to resolve the MSIE keepalive issue. We have set up a KeepaliveTimeout of 120 seconds. The apache server may need more memory resources because there are more open apache processes to cope with the longer timeout. --Hmmm... but the FAQ mentioned the nokeepalive option, wouldnt that cancel the KeepAliveTimeout?? Yup. But did you aktivate nokeepalive for MSIE as discribed in the FAQ? We activate the Keepalive feature for all MSIE against the FAQ to provide a more performanter connection. Sven. -Torvald __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] -- Sven Geisler [EMAIL PROTECTED] AEC/communications GmbH __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
ap_http_method(r) not working
Hi folks, Any idea what would cause the ap:http:method context key that ap_http_method tries to query not to get set during an HTTPS request? In other words, the following #define from httpd.h: #define ap_http_method(r) (((r)-ctx != NULL ap_ctx_get((r)-ctx, ap::http::method) != NULL) ? ((char *)ap_ctx_get((r)-ctx, ap::http::method)) : http) always returns the defalt http. ap_default_port suffers a similar problem. The Apache I'm running is a 1.3 version obtained from an 'apache-ssl' Debian package. It handles HTTPS request just fine, but you'd never guess that from calling ap_http_method :-/ The binary's compile settings are below. Any help would be appreciated. Thanks! /usr/sbin/apache-ssl -V Server version: Apache/1.3.27 Ben-SSL/1.48 (Unix) Debian GNU/Linux Server built: Jun 26 2003 16:53:19 Server's Module Magic Number: 19990320:13 Server compiled with -D EAPI -D HAVE_MMAP -D HAVE_SHMGET -D USE_SHMGET_SCOREBOARD -D USE_MMAP_FILES -D NO_WRITEV -D HAVE_FCNTL_SERIALIZED_ACCEPT -D HAVE_SYSVSEM_SERIALIZED_ACCEPT -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D HARD_SERVER_LIMIT=4096 -D HTTPD_ROOT=/usr -D SUEXEC_BIN=/usr/lib/apache-ssl/suexec -D DEFAULT_PIDLOG=/var/run/apache-ssl.pid -D DEFAULT_SCOREBOARD=/var/run/apache-ssl.scoreboard -D DEFAULT_LOCKFILE=/var/run/apache-ssl.lock -D DEFAULT_ERRORLOG=/var/log/apache-ssl/error.log -D TYPES_CONFIG_FILE=/etc/mime.types -D SERVER_CONFIG_FILE=/etc/apache-ssl/httpd.conf -D ACCESS_CONFIG_FILE=/etc/apache-ssl/access.conf -D RESOURCE_CONFIG_FILE=/etc/apache-ssl/srm.conf --- Ken Kittlitz Vice-President, Javien Canada Inc. http://www.javien.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: ap_http_method(r) not working
On Thu, 25 Sep 2003, Ken Kittlitz wrote: #define ap_http_method(r) (((r)-ctx != NULL ap_ctx_get((r)-ctx, ap::http::method) != NULL) ? ((char *)ap_ctx_get((r)-ctx, ap::http::method)) : http) always returns the defalt http. ap_default_port suffers a similar problem. The Apache I'm running is a 1.3 version obtained from an 'apache-ssl' Debian package. It handles HTTPS request just fine, but you'd never guess that from calling ap_http_method :-/ The binary's compile settings are below. Any help would be appreciated. Thanks! /usr/sbin/apache-ssl -V Server version: Apache/1.3.27 Ben-SSL/1.48 (Unix) Debian GNU/Linux Server built: Jun 26 2003 16:53:19 Server's Module Magic Number: 19990320:13 Server compiled with -D EAPI -D HAVE_MMAP ... Why in the world would Debian ship an Apache-SSL package with EAPI support??? Maybe it's for backward binary compatibility with an older Debian distro that used mod_ssl? Anyway, certainly the reason this is not working right is that Apache-SSL (aka Ben-SSL) (as opposed to mod_ssl, which is the one supported by this mailing list) does not use EAPI at all, so it would not be calling the appropriate EAPI hooks at the right time to get those ctx variables set. Start from scratch with a stock Apache build (and get 1.3.28 while you're at it), and install mod_ssl from www.modssl.org. Then your EAPI will work right. --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: ap_http_method(r) not working
At 10:56 PM 9/25/2003 -0400, Cliff Woolley wrote: Anyway, certainly the reason this is not working right is that Apache-SSL (aka Ben-SSL) (as opposed to mod_ssl, which is the one supported by this mailing list) does not use EAPI at all, so it would not be calling the appropriate EAPI hooks at the right time to get those ctx variables set. Yup, that would explain it... thanks. Start from scratch with a stock Apache build (and get 1.3.28 while you're at it), and install mod_ssl from www.modssl.org. Then your EAPI will work right. Yeah, I normally use mod_ssl and have never had a problem; it's the customer who decided to install Ben-SSL on their system. Mea culpa for not realizing it was unrelated to mod_ssl. I'll try to show them the light ;-) --- Ken Kittlitz Vice-President, Javien Canada Inc. http://www.javien.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]