MSIE Bugs, Summary available ?

Hi All.


We have also these "popular" MSIE SSL 3.0 Problems.

The Problem as we have found it:

We have the Apache Versions 1.3.19, 1.3.22, 1.3.23 with the mod_ssl
Versions 2.8.4 - 2.8.7 running on different systems.
No proxy, no Firewall in between, just plain LAN.

We have tested all available browsers. The result is pretty obvious:

All non-Microsoft browsers work flawlessly ( Netscape, Mozilla, konqueror,
galeon, wget, cURL etc. )

All MSIE's do not work (incl. 5.0, 5.5, 6.0x Versions).

Not working means: They work most of the time, but now and then especially
if the webuser is a minute or more idle the next request gives the infamous
"page cannot be displayed, server or dns error" - blaming nonsense.

Of course all standard MSIE workarounds are enabled.
Also I have found a document via Google with a list of especially
buggy implemented ciphers and have disabled them all.

But to no avail.


Does anybody have any summary for any possible solution to these bugs.

(Yes, I know the only real solution is to not use MSIE, but we cannot force
every user to use a real webbrowser).

Thanks for your time.


--
Christoph Gröver, grover@sitepark.com
Sitepark, Gesellschaft für Informationsmanagement mbH
Rothenburg 14-16, D-48143 Münster, Telefon (0251) 48265-50
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: MSIE Bugs, Summary available ?

My money is on a SSL session resume problem. Make sure your SSL session
cache is configured correctly - one thing that really bites us all in
the butt is that some MSIE versions get annoyed when it tries to resume
a session in what it thinks is a reasonable amount of time and finds the
server refuses to do it - to satisfy this requirement you need SSL
sessions to be cached for long enough - try 10 minutes - and use ssldump
to verify that sessions are actually being resumed. The point here is
that according to the SSL/TLS spec it's alright for the server to refuse
to resume a session, and most other browsers handle that bit correctly.

Christoph Gröver wrote:

>Hi All.
>
>
>We have also these "popular" MSIE SSL 3.0 Problems.
>
>The Problem as we have found it:
>
>We have the Apache Versions 1.3.19, 1.3.22, 1.3.23 with the mod_ssl
>Versions 2.8.4 - 2.8.7 running on different systems.
>No proxy, no Firewall in between, just plain LAN.
>
>We have tested all available browsers. The result is pretty obvious:
>
>All non-Microsoft browsers work flawlessly ( Netscape, Mozilla, konqueror,
> galeon, wget, cURL etc. )
>
>All MSIE's do not work (incl. 5.0, 5.5, 6.0x Versions).
>
>Not working means: They work most of the time, but now and then especially
>if the webuser is a minute or more idle the next request gives the infamous
>"page cannot be displayed, server or dns error" - blaming nonsense.
>
>Of course all standard MSIE workarounds are enabled.
>Also I have found a document via Google with a list of especially
>buggy implemented ciphers and have disabled them all.
>
>But to no avail.
>
>
>Does anybody have any summary for any possible solution to these bugs.
>
>(Yes, I know the only real solution is to not use MSIE, but we cannot force
>every user to use a real webbrowser).
>
>Thanks for your time.
>
>
>
>


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: MSIE Bugs, Summary available ?

http://www.mail-archive.com/modssl-users@modssl.org/msg10542 .html

> All MSIE's do not work (incl. 5.0, 5.5, 6.0x Versions).
>
> Not working means: They work most of the time, but now and then especially
> if the webuser is a minute or more idle the next request gives the
infamous
> "page cannot be displayed, server or dns error" - blaming nonsense.

This sounds a lot like a problem I ran into with 2.7.2 running on Windows
2000. I reported it in mod_ssl's bugdb as PR #528 (see
http://marc.theaimsgroup.com/?l=apache-modssl&m=983619966270 02&w=2 or
http://www.mail-archive.com/modssl-users@modssl.org/msg10542 .html ).

This was fixed in 2.8.2, however, but only for Win32 (there's
platform-specific read/write code in io_engine.c). The basic problem was
that MSIE would somehow cause the socket to appear ready for reading, but
there would be no data yet on the socket. This was treated as a failure,
and the end result was MSIE's generic DNS error. The fix was to detect this
case and retry (the logic already existed in another Win32-specific
routine). See SSL_recvwithtimeout() and/or SSL_writewithtimeout().

You don't say what platform(s) you are running on, but if it's not Win32, I
suppose it's possible that the same problem could be present in the other
platform-specific variations doing I/O. (I have not looked to see if this is
the case). You could see if a similar change would be appropriate there.

Since implementing this fix about a year and a half ago (we actually ran
with the fix before it was delivered in 2.8.2), we no longer experience this
problem with MSIE.

Good luck,

Martin Dickau, ByAllAccounts
mdickau@byallaccounts.com



____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: MSIE Bugs, Summary available ?

Hello Peter Viertel.

Thank you for your answer.

I have controlled the session timeout. It is 300 secs for all servers.

I have changed it to 600 secs now. But I believe we had this problem
with far less idle time on the client side (20 secs up to 200 secs).
But we will see if it helps.

On the other side, all MSIE's also fail from time to time when we
are just continousely browsing the site with no pauses at all.
This happens less often, but it happens.


So there may be at least two separate problems.

Greetings.


--
Christoph Gröver, grover@sitepark.com
Sitepark, Gesellschaft für Informationsmanagement mbH
Rothenburg 14-16, D-48143 Münster, Telefon (0251) 48265-50
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: MSIE Bugs, Summary available ?

Does anyone knows why the fix is only for Win32 platform.
Does it have any sense for Unix platform/

Gilles

> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of Martin Dickau
> Sent: Thursday, August 22, 2002 6:13 AM
> To: modssl-users@modssl.org
> Subject: Re: MSIE Bugs, Summary available ?
>
>
> http://www.mail-archive.com/modssl-users@modssl.org/msg10542 .html
>
> > All MSIE's do not work (incl. 5.0, 5.5, 6.0x Versions).
> >
> > Not working means: They work most of the time, but now and then
> especially
> > if the webuser is a minute or more idle the next request gives the
> infamous
> > "page cannot be displayed, server or dns error" - blaming nonsense.
>
> This sounds a lot like a problem I ran into with 2.7.2 running on Windows
> 2000. I reported it in mod_ssl's bugdb as PR #528 (see
> http://marc.theaimsgroup.com/?l=apache-modssl&m=983619966270 02&w=2 or
> http://www.mail-archive.com/modssl-users@modssl.org/msg10542 .html ).
>
> This was fixed in 2.8.2, however, but only for Win32 (there's
> platform-specific read/write code in io_engine.c). The basic problem was
> that MSIE would somehow cause the socket to appear ready for reading, but
> there would be no data yet on the socket. This was treated as a failure,
> and the end result was MSIE's generic DNS error. The fix was to
> detect this
> case and retry (the logic already existed in another Win32-specific
> routine). See SSL_recvwithtimeout() and/or SSL_writewithtimeout().
>
> You don't say what platform(s) you are running on, but if it's
> not Win32, I
> suppose it's possible that the same problem could be present in the other
> platform-specific variations doing I/O. (I have not looked to see
> if this is
> the case). You could see if a similar change would be appropriate there.
>
> Since implementing this fix about a year and a half ago (we actually ran
> with the fix before it was delivered in 2.8.2), we no longer
> experience this
> problem with MSIE.
>
> Good luck,
>
> Martin Dickau, ByAllAccounts
> mdickau@byallaccounts.com
>
>
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

xsl to xsl redirects

Hi,
This probably isn't the right group for this problem
and its probably just a bug with MSIE but I thought I
would see if anyone else has had this problem.
Basically I have a link on an XML/XSL generated page
on a http server which sends the user to a local
redirect (either via cgi or mod_rewrite). The
redirect then sends the browser to a XML/XSL generated
page on a secure https server.
When an MSIE user (haven't tried other browsers
which support XSL) clicks on the link MSIE fetches the
redirect and fetches the XML from the secure server.
But then MSIE makes no attempt to fetch the XSL and
returns an error saying 'Cannot view XML input using
style sheet.' (see below). When the user hits reload,
the browser fetches the redirect again (from the http
server), the XML again (from the https server), and
successfully fetches the XSL (from the https server).

Browser paths:
http:// XML/XSL --link-->
http:// cgi --redirect-->
https:// XML/XSL (Error)

hit reload:
http:// cgi --redirect-->
https:// XML/XSL (Success)

Any ideas?
-David Wagner
dkw9992@yahoo.com


ps.. since I think this is a MSIE bug, I don't think
my webserver config matters. But for what its worth,
I am using Apache 1.3.26 which modssl 2.8.10.

pps.. I have a work around using meta-refresh, but I
really really would rather not use it.

The error MSIE reports:

The XML page cannot be displayed
Cannot view XML input using style sheet. Please
correct the error and then click the Refresh button,
or try again later.


------------------------------------------------------------ --------------------

Access is denied. Error processing resource
'http://localhost/redirect/b.cgi'.





__________________________________________________
Do You Yahoo!?
HotJobs - Search Thousands of New Jobs
http://www.hotjobs.com
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: MSIE Bugs, Summary available ?

Hello Peter Viertel. Hello Others.

Increasing the session timeout actually helped with the problem that
after the users have filled in a form they get the MSIE error.
Thank you for this suggestion.

This was the most annyoing part, because people had to refill the
fields.


But still we/our customers do get spontaneous errors with MSIE.
Sometimes the first request, sometimes it takes up to 15 minutes
before it happens.

Well, we keep trying ;-).

Bye
--
Christoph Gröver, grover@sitepark.com
Sitepark, Gesellschaft für Informationsmanagement mbH
Rothenburg 14-16, D-48143 Münster, Telefon (0251) 48265-50
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org