[ic] unable to display page errors

Stefan Hornburg Racke interchange-users@interchange.redhat.com
Fri Oct 5 05:11:01 2001 

"Dan Browning" <danpb@mail.com> writes:


[...]

> 
> We ran into this problem with clients that have IE 5.0/4.0 that haven't been
> patched to .02 versions or upgraded to 128-bit encryption.  Upgrading
> OpenSSL/mod_ssl seemed to help (big recompiling pain, though), as well as
> making sure Apache was set for:
> 
> SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
> 
> (see http://www.modssl.org/docs/2.8/ssl_faq.html#ToC49)
> 
> I'm not sure we even got all the problems, but it has helped a lot.  It
> would be good to build a browser-client database of what is needed for the
> most compatibility.  But it is so much work to build multiple windows boxes
> / VMware images for all the different versions of IE (since it is impossible
> to load two simultaneous versions like Netscape).  I don't think it matters,
> but we're using Verisign 128-bit certs, BTW.
> 
> Also see Microsoft bug reports re. buggy SSL in IE:
> 
> http://support.microsoft.com/support/kb/articles/Q247/3/67.ASP?LN=EN-US&SD=g
> n&FR=0&qry=SSL%20128-bit&rnk=3&src=DHCS_MSPSS_gn_SRCH&SPR=IE
> 
> http://support.microsoft.com/support/kb/articles/Q257/9/78.ASP?LN=EN-US&SD=g
> n&FR=0&qry=SSL%20128-bit&rnk=4&src=DHCS_MSPSS_gn_SRCH&SPR=IE
> 
> (there are some more too, can't find them, anyone else got them?)
> 
> Verisign has some good info on the problem too:
> 
> http://www.verisign.com/cgi-bin/kb/clearexp_cgi/solution.htm?probdesc.objid=
> 268500870
> 
> HTH.  Racke, if you do pinpoint it, would you let me know?

I think this problem is pretty confirmed and the MS-using guys in my
company admitted that the SSL-implementation of IE is buggy. I'll try
to figure a working setup for Apache/mod-ssl.

Thanks for your good problem report.

Ciao
        Racke

-- 
Racke happily hacks Interchange and maintains Debian packages like Courier.

For projects and other business stuff please refer to COBOLT NetServices
(URL: http://www.cobolt.net; Email: info@cobolt.net; Phone: 0041-1-3884400)