IE6 & SSL problems

OK, I know the IE/SSL issue has been discussed in the past. I've read as many
posts and FAQs on the issue as I can. All of the fixes that I've found are
implemented in my configuration (in fact, was done so automatically at server
build time).

All of my users run IE 5.5, 5.5sp2, 6, or 6sp1 as they are all Windows 2000.
When attempting to access the secure area on my webserver, they recieve a 'page
cannot be displayed' error. Upon refresh, 70% of the page will properly appear.
Another refresh and the rest may appear OR the error will come up again.
Another refresh and the same thing OR it will come up fine. It's a vicious
cycle, I tell ya!

I have been able to confirm the error on both Win98 & Win2k using IE6 and 6sp1.

I do get this error in the log files from time to time:

[Wed Sep 11 10:27:48 2002] [error] mod_ssl: SSL handshake interrupted by system
[Hint: Stop button pressed in browser?!] (System error follows)

But, more often (in fact, on any IE access), I see this in my logs:

[Tue Sep 24 00:30:00 2002] [notice] child pid 3713 exit signal Segmentation
fault (11)
[Tue Sep 24 00:30:03 2002] [notice] child pid 4234 exit signal Segmentation
fault (11)
[Tue Sep 24 00:30:08 2002] [notice] child pid 3711 exit signal Segmentation
fault (11)

Upon a SIGHUP of apache, IE will work beautifully for, maybe, 3 minutes, then
the errors start all over again. Sigh.

Of course, no problem with Netscape or Mozilla on Windows or UNIX.

Server config is as follows:

Red Hat 6.2, Apache 1.3.26, PHP 4.12, mod_ssl 2.8.10, OpenSSL 0.9.5a.
Certificate is self-signed test cert.

Snips from http.conf:

SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache
SSLSessionCacheTimeout 300

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+e NULL

SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

Any other pointers would be GREATLY appreciated. :)

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: IE6 & SSL problems

> All of my users run IE 5.5, 5.5sp2, 6, or 6sp1 as they are all Windows 2000.
> When attempting to access the secure area on my webserver, they recieve a 'page
> cannot be displayed' error. Upon refresh, 70% of the page will properly appear.
> Another refresh and the rest may appear OR the error will come up again.
> Another refresh and the same thing OR it will come up fine.

Cool. I've never seen this one, and I use IE (various versions) to
access apache (various versions, various OSes) zillions of pages on my
servers everyday.

> [Tue Sep 24 00:30:00 2002] [notice] child pid 3713 exit signal Segmentation
> fault (11)
> [Tue Sep 24 00:30:03 2002] [notice] child pid 4234 exit signal Segmentation
> fault (11)
> [Tue Sep 24 00:30:08 2002] [notice] child pid 3711 exit signal Segmentation
> fault (11)

This is a bad sign... have you got any unusual modules loaded? I know of
one vendor that has an Apache module that conflicts with libssl if they
are loaded the right way.

> Server config is as follows:
>
> Red Hat 6.2, Apache 1.3.26, PHP 4.12, mod_ssl 2.8.10, OpenSSL 0.9.5a.

0.9.5a is ancient... It looks like you're building apache and mod_ssl
from source; I'd build openssl (0.9.6g) from source too and use that
instead of the RH6.2 distributed openssl libraries.

--
Harald Koch

"It takes a child to raze a village."
-Michael T. Fry
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: IE6 & SSL problems

Due to unaviodable circumstances, I am away from the office until the Monday 30th September 2002

I will get back to you as soon as i can on my return.

If it's an urgent Online Learning Support Unit / Web/ MUBSWEB/ MUBS Online matter
that requires urgent attention then please contact either Kirsteen1, Sanjay1 or Jeff1
who should be able to help.

If the problem relates to mubsweb please contact sanjay1
If the probelm relates to OASIS or WebCT please contact Kirsteen1
If your query relates to mbs1111 or it support please contact Jeff1

All the best
Alex
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: IE6 & SSL problems

Quoting Harald Koch :

> > All of my users run IE 5.5, 5.5sp2, 6, or 6sp1 as they are all Windows
> 2000.
> > When attempting to access the secure area on my webserver, they recieve a
> 'page
> > cannot be displayed' error. Upon refresh, 70% of the page will properly
> appear.
> > Another refresh and the rest may appear OR the error will come up again.
>
> > Another refresh and the same thing OR it will come up fine.
>
> Cool. I've never seen this one, and I use IE (various versions) to
> access apache (various versions, various OSes) zillions of pages on my
> servers everyday.

Yeah, kinda nifty, eh? ;)

>
> > [Tue Sep 24 00:30:00 2002] [notice] child pid 3713 exit signal
> Segmentation
> > fault (11)
> > [Tue Sep 24 00:30:03 2002] [notice] child pid 4234 exit signal
> Segmentation
> > fault (11)
> > [Tue Sep 24 00:30:08 2002] [notice] child pid 3711 exit signal
> Segmentation
> > fault (11)
>
> This is a bad sign... have you got any unusual modules loaded? I know of
> one vendor that has an Apache module that conflicts with libssl if they
> are loaded the right way.

No unusual modules loaded. httpd -l output is:
Compiled-in modules:
http_core.c
mod_env.c
mod_log_config.c
mod_mime.c
mod_negotiation.c
mod_status.c
mod_include.c
mod_autoindex.c
mod_dir.c
mod_cgi.c
mod_asis.c
mod_imap.c
mod_actions.c
mod_userdir.c
mod_alias.c
mod_rewrite.c
mod_access.c
mod_auth.c
mod_so.c
mod_setenvif.c
mod_ssl.c
suexec: disabled; invalid wrapper /usr/local/apache/bin/suexec

>
> > Server config is as follows:
> >
> > Red Hat 6.2, Apache 1.3.26, PHP 4.12, mod_ssl 2.8.10, OpenSSL 0.9.5a.
>
> 0.9.5a is ancient... It looks like you're building apache and mod_ssl
> from source; I'd build openssl (0.9.6g) from source too and use that
> instead of the RH6.2 distributed openssl libraries.

Yeah, and with finally catching up on my bugtraq last night, I've read more into
the OpenSSL funnies that have been happening lately. Will update the OpenSSL
and rebuild everything tonight. Thanks for the tips

Shawn

>
> --
> Harald Koch
>
> "It takes a child to raze a village."
> -Michael T. Fry
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>
>
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org