httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Richard Rognlie <rrogn...@erols.com>
Subject Re: Stronghold httpsd and IE4.0
Date Thu, 02 Oct 1997 18:27:19 GMT
Per your request, I have run the netcat command to capture the headers
being passed via Netscape vs. IE4.0.

% nc -l -p 4321 results in the following info from three different 
connections

Connection from Netscape 4.02
 
> GET /Navigator.4.02 HTTP/1.0
> Connection: Keep-Alive
> User-Agent: Mozilla/4.02 [en] (WinNT; U ;Nav)
> Host: swww.erols.com:4321
> Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
> Accept-Language: en
> Accept-Charset: iso-8859-1,*,utf-8
> 
 
 
Connection from IE4.0 (HTTP/1.1 disabled)

> GET /IE4.0 HTTP/1.0
> Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
> Accept-Language: en-us
> User-Agent: Mozilla/4.0 (compatible; MSIE 4.0; Windows NT)
> Host: swww.erols.com:4321
> Connection: Keep-Alive
> 
 
 
Connection from IE4.0 (HTTP/1.1 enabled) 

> GET /IE4.0 HTTP/1.1
> Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
> Accept-Language: en-us
> Accept-Encoding: gzip, deflate
> User-Agent: Mozilla/4.0 (compatible; MSIE 4.0; Windows NT)
> Host: swww.erols.com:4321
> Connection: Keep-Alive
>


The only time we have a problem is IE4.0 with HTTP/1.1 enabled in 
SSL mode.  But, I can't provide headers with the above mechanism 
as they're encrypted...8^(


A report from a Microsoft (Eric Ingman <erici@microsoft.com>) said:
> I am a tester on the IE40 project.  I saw that you made the following
> post regarding a bug in IE4.0.  One issue here is that while accessing
> the change user id page... if I were to click on the URL
> https://swww.erols.com/erols/chuserid/, then it would appear that the
> Stronghold server would send portions of unencrypted data inside of the
> encrypted data stream  -- this is what a someone noticed today using a
> network sniffer.  I encourage you to check this out for yourself so that
> you can better serve your IE40 customers.  

He went on say in a later message:
> The data leaving IE4 was fine (fully encrypted), it was the data coming
> back to us from the Stronghold server that looked bad -- but you're
> right, the entire portion should be encrypted.

And finally, he mentioned:
> I suspect that the "Data area passed to a system call is too small"
> error we are having when connecting to your change user id site is
> related to this bug -- we have only had reports of errors when
> connecting to the secure Stronghold sites.  A mostly (but not entirely)
> encrypted data stream is perhaps what is choking our browser.
> Well, it's in both of our interests to find these issues before too much
> time gets by...


Please help!

Richard Rognlie
Sr. Web Administrator
Erol's Internet

Mime
View raw message