SSL problem with IE on Apache Server (long)

by Tenley Shewmake <ts(at)awebresource.com>

 Date:  Sat, 20 Oct 2001 09:00:00 -0700
 To:  Testing at HWG <hwg-testing(at)hwg.org>
Hi,

Hope someone can help with our INTERMITTENT problem. I'm the site
designer, not the programmer, and I'm trying to understand the nature of
our shopping cart problem, and consequences of a possible fix. 

It seems to be occurring when moving from the regular to the secure
server. During the ordering process, with MSIE only (both 5.0 and 5.5 on
win 98) the user sometimes gets a dns error message (full text below).
It has NEVER happened using Netscape 4.75. Our web host tech says it
doesn't happen with IE 5.5 on his win2000, but I doubt they tried hard.
It happens anywhere from 10% to 50% of the time for me and the client.
In my investigations I have found these possible fixes, and I need help
understanding the implications.

from http://www.mail-archive.com/modssl-users(at)modssl.org/msg11997.html
> BrowserMatch "MSIE [1-4]" nokeepalive ssl-unclean-shutdown \
>       downgrade-1.0 force-response-1.0
>
> BrowserMatch "MSIE [5-9]" ssl-unclean-shutdown

from http://www.modssl.org/docs/2.8/ssl_faq.html#ToC49
> The first reason is that the SSL implementation in some MSIE versions has some subtle bugs related
> to the HTTP keep-alive facility and the SSL close notify alerts on socket connection close.
> Additionally the interaction between SSL and HTTP/1.1 features are problematic with some MSIE
> versions, too. You've to work-around these problems by forcing Apache+mod_ssl+OpenSSL to not
> use HTTP/1.1, keep-alive connections or sending the SSL close notify messages to MSIE clients.
> This can be done by using the following directive in your SSL-aware virtual host section:
>
>     SetEnvIf User-Agent ".*MSIE.*" \
>              nokeepalive ssl-unclean-shutdown \
>              downgrade-1.0 force-response-1.0


The site is at http://www.driednaturals.com/. If you want to place a test
order, use a Visa card with the number 4111 1111 1111 1111



ERROR MESSAGE
> ###############################
> The page cannot be displayed 
> The page you are looking for is currently unavailable. The Web site
> might be experiencing technical difficulties, or you may need to adjust
> your browser settings. 
> 
> --------------------------------------------------------------------------------
> 
> Please try the following:
> 
> Click the  Refresh button, or try again later.
> 
> If you typed the page address in the Address bar, make sure that it is
> spelled correctly.
> 
> To check your connection settings, click the Tools menu, and then click
> Internet Options. On the Connections tab, click Settings. The settings
> should match those provided by your local area network (LAN)
> administrator or Internet service provider (ISP). 
> If your Network Administrator has enabled it, Microsoft Windows can
> examine your network and automatically discover network connection
> settings.
> If you would like Windows to try and discover them, 
> click  Detect Network Settings 
> Some sites require 128-bit connection security. Click the Help menu and
> then click About Internet Explorer to determine what strength security
> you have installed. 
> If you are trying to reach a secure site, make sure your Security
> settings can support it. Click the Tools menu, and then click Internet
> Options. On the Advanced tab, scroll to the Security section and check
> settings for SSL 2.0, SSL 3.0, TLS 1.0, PCT 1.0. 
> Click the  Back button to try another link. 
> 
> 
> 
> Cannot find server or DNS Error
> Internet Explorer  
> ########################

-- 
Best Regards,

Tenley

Tenley Shewmake
ts(at)awebresource.com

HWG hwg-testing mailing list archives, maintained by Webmasters @ IWA
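
An added example, not part of the original message or of mod_ssl: a small Python script that evaluates the two quoted directive variants against sample User-Agent strings to show which connection variables each browser would receive. The User-Agent strings are constructed samples, and Python's `re` stands in for Apache's regex matching, which is an assumption that holds for these simple patterns.

```python
import re

# Directive text as quoted in the message (two variants).
MAIL_ARCHIVE_VARIANT = r'''
BrowserMatch "MSIE [1-4]" nokeepalive ssl-unclean-shutdown \
      downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [5-9]" ssl-unclean-shutdown
'''
FAQ_VARIANT = r'''
SetEnvIf User-Agent ".*MSIE.*" \
      nokeepalive ssl-unclean-shutdown \
      downgrade-1.0 force-response-1.0
'''

# Constructed sample User-Agent strings for the browsers named in the message.
SAMPLE_AGENTS = {
    "IE 4.01 / Win98": "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)",
    "IE 5.0 / Win98": "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)",
    "IE 5.5 / Win98": "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)",
    "Netscape 4.75": "Mozilla/4.75 [en] (Win98; U)",
}

def parse_directives(text):
    """Return [(regex, [variables])] for BrowserMatch / SetEnvIf User-Agent lines."""
    joined = re.sub(r"\\[ \t]*\n", " ", text)  # fold backslash line continuations
    rules = []
    for line in joined.splitlines():
        m = re.match(r'\s*(?:BrowserMatch|SetEnvIf\s+User-Agent)\s+"([^"]+)"\s+(.+)', line)
        if m:
            rules.append((re.compile(m.group(1)), m.group(2).split()))
    return rules

def flags_for(user_agent, rules):
    """Collect the variables of every rule whose pattern matches the User-Agent."""
    flags = set()
    for pattern, names in rules:
        if pattern.search(user_agent):
            flags.update(names)
    return flags

def report(text):
    """Map each sample browser to the set of variables the directives would set."""
    rules = parse_directives(text)
    return {label: flags_for(ua, rules) for label, ua in SAMPLE_AGENTS.items()}

if __name__ == "__main__":
    for name, text in (("mail-archive", MAIL_ARCHIVE_VARIANT), ("FAQ", FAQ_VARIANT)):
        print(name)
        for label, flags in report(text).items():
            print(f"  {label:16} {' '.join(sorted(flags)) or '(no variables set)'}")
```

Under the mail-archive variant IE 5.x only gets `ssl-unclean-shutdown` and keeps HTTP/1.1 and keep-alive, while the FAQ variant applies all four variables to every MSIE version; Netscape 4.75 is untouched by both.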