tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mike Bremford" <mi...@paperx.com>
Subject SOLUTION: Tomcat w/ Apache/SSL - nokeepalive not working
Date Tue, 19 Sep 2000 14:20:08 GMT
After finally recompiling wget to handle SSL (why the **** does Solaris have
no /dev/random?) I found the problem.

Internet Explorer 5.0 doesn't like "Transfer-Encoding: chunked" through SSL
when
the first line of the returned file is blank (thanks Ricardo for saving me
hours of frustration)

Just make sure the first line returned from your JSP isn't blank, and you're
pages
will magically work with IE 5.0 under SSL.

This has been discussed before - see
http://archives2.real-time.com/rte-tomcat/2000/Jun/msg01564.html, or go to
the archives and search for "Transfer Encoding" - it seems to break a few
things, not just IE.

Incidentally, setting force-response 1.0 didn't fix this problem, despite
the fact that Transfer-Encoding is new in HTTP/1.1. Go figure.


Cheers... Mike


> -----Original Message-----
> From: GOMEZ Henri [mailto:hgomez@slib.fr]
> Sent: 19 September 2000 08:23
> To: tomcat-user@jakarta.apache.org
> Subject: RE: Tomcat w/ Apache/SSL - nokeepalive not working
>
>
> >
> >Has anyone managed to get Apache+mod_ssl to turn off keepalive when
> >returning results from Tomcat to Internet Explorer?
> >Or, in shorter sentences:
> >
> >Internet Explorer has a bug with keepalive and SSL - it needs
> >to be turned
> >off, otherwise even when your page has finished the browser
> >will look like
> >it's still loading.
>
> Nice remarq. I'm using Apache 1.3.12 + mod_ssl 2.6.6 + mod_jk for some
> time now but didn't see that problem.
>
> >The usual way to do this is adding the following string to
> >your httpd.conf
> >file in Apache:
> >
> >BrowserMatch "MSIE" nokeepalive ssl-unclean-shutdown downgrade-1.0
> >force-response-1.0
>
> Still needed for recent MSIE ? I'm using IE 5.01 without any
> problems with mod_jk. I didn't remember when using mod_jserv.
>
> >This works fine for static files (which are served by Apache),
> >but not for
> >anything returned by Tomcat.
> >
> >I've tried adding response.setHeader ("Connection", "Close")
> >to the JSP, or
> >even in a moment of desperation adding <META HTTP-EQUIV="Connection"
> >CONTENT="Close">. No joy.
>
> Yep, the AJP and Apache could have their own idea of what to do
> with the connection. Especially the new AJP13 used in mod_jk which
> try to reuse connections
>
> >I haven't tested this with Tomcats SSL connection directly, but as I
> >couldn't find any mention of "keep-alive" in the source for
> >3.2b3, unless
> >this is handled in the SSLFactory library (which I doubt) I
> wouldn't be
> >surprised if it's there too. I also haven't tested with mod_jk, only
> >mod_jserv
> >
> >Setup, once again, is Solaris/Apache 1.3.12 + mod_ssl 2.6.6
> talking to
> >Tomcat 3.2b3 via mod_jserv.
> >
> >Here's the excerpt from my httpd.conf:
> >
> ><VirtualHost _default_:443>
> >BrowserMatch "MSIE" nokeepalive ssl-unclean-shutdown downgrade-1.0
> >force-response-1.0
> >DocumentRoot "/web/jackson"
> >ApJServMount /servlet ajpv12://localhost:8007/ROOT
> >ServerName jackson.paperx.com
> >ServerAdmin mike@jackson.paperx.com
> >ErrorLog /usr/local/apache/logs/error_log
> >TransferLog /usr/local/apache/logs/access_log
> >SSLEngine on
> >SSLCipherSuite
> >ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> >SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
> >SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
> ></VirtualHost>
> >
>
> Could be nice to tell more information about browser used and also
> how to see the problem (the stop buton is active on the browser ?)
>
> Regards
>


Mime
View raw message