httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joseph A Nagy Jr <joseph_a_nagy...@charter.net>
Subject Re: [users@httpd] https not working for MSIE.
Date Wed, 14 May 2003 15:10:04 GMT
kulkarni veena wrote:
> Hello,
> 
> MY SSL.conf config is as follows:
> 
> Listen 443
> Listen 130.86.71.139:443
> SSLSessionCache        
> dbm:/var/apache/logs/ssl_scache
> SSLSessionCacheTimeout  300
> SSLMutex  file:/var/apache/logs/ssl_mutex
> <VirtualHost hawk.ecs.csus.edu:443>
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
> 
> Also, my Document root for http and ssl is different.
> and my certificates are in PEM code.
> 
> It is mostly the same as default except for few
> changes.
> 
> --veena
> 
> 
> --- Zac Stevens <zts@cryptocracy.com> wrote:
> 
>>Hi Veena,
>>
>>On Tue, May 13, 2003 at 09:44:55PM -0700, kulkarni
>>veena wrote:
>>
>>>Thanks. i did try all of the options given in the
>>
>>faq
>>
>>>except for trying out different openssl version
>>
>>(i'm
>>
>>>using 0.9.7a).
>>>
>>>Nothing so has worked, i will try changing openssl
>>>version.
>>
>>That being the case, what are the browser-specific
>>SSL options you
>>currently have in your configuration for MSIE
>>clients?  
>>
>>You should definitely be using OpenSSL 0.9.7a - it's
>>the latest recommended
>>version.
>>
>>
>>>The weird thing is https works with all Netscape
>>>versions but with NONE MSIE (5.x & 6.X).
>>
>>As per the FAQ entry I pointed at, it's not weird at
>>all.  MSIE has a lot
>>of quirks in its SSL implmentation - some related to
>>its support for
>>particular ciphers, others to nonstandard behaviour
>>it expects to find when
>>talking to the server.
>>
>>I would go so far as to claim that it is not
>>possible for a "vanilla" SSL 
>>configuration (ie, one without user-agent specific
>>options) to work with 
>>a "vanilla" IE installation - so the exact
>>configuration you are running is
>>quite important.
>>
>>Cheers,
>>
>>
>>Zac

Why do I get the feeling that kulkarni is still looking for a server 
side solution to a client side problem?



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message