Problems with old MSIE 5.0

Hello.

After upgrading to 2.0.47 we have been experiencing problems with clients
using old MSIE 5.0 browsers (40 bit versions). They are suddenly unable to
connect, and get a "The page cannot be displayed" error.

However, disabling SSLv3 "cures" the problem.

We are using glibc-2.3.2.

The MSIE version we have tried is 5.00.2614.3500, on W2K, but quite a few
clients are experiencing problemms.

Any suggestions?

-Torvald Bringsvor
Ergo Integration AS
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: Problems with old MSIE 5.0

How up to date are these versions of IE? I recall that the original IE 5.0
that shipped with Windows 2000 was quite broken with regards to SSL support
(but IE5.01 wasn't).

The last time I looked, SP3 for Windows 2000 gave you IE5.01 SP3, but SP3
wasn't available directly (only SP2). I haven't checked the situation with
SP4 (yet).

The official line from Microsoft is that IE5.01 SP2 is no longer available,
as it is in the "extended support phase":
http://www.microsoft.com/windows/ie/support/ie51exsupport.as p

-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk

After over 144 years, there's still no fossil evidence of Evolution.

> -----Original Message-----
> From: Torvald Baade Bringsvor [mailto:Torvald.Bringsvor@ergo.no]
> Sent: 29 July 2003 10:26
> To: 'modssl-users@modssl.org'
> Subject: Problems with old MSIE 5.0
>
>
> Hello.
>
> After upgrading to 2.0.47 we have been experiencing problems
> with clients
> using old MSIE 5.0 browsers (40 bit versions). They are
> suddenly unable to
> connect, and get a "The page cannot be displayed" error.
>
> However, disabling SSLv3 "cures" the problem.
>
> We are using glibc-2.3.2.
>
> The MSIE version we have tried is 5.00.2614.3500, on W2K, but
> quite a few
> clients are experiencing problemms.
>
> Any suggestions?
>
> -Torvald Bringsvor
> Ergo Integration AS
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>

-

NOTICE: The information contained in this email and any attachments is
confidential and may be legally privileged. If you are not the
intended recipient you are hereby notified that you must not use,
disclose, distribute, copy, print or rely on this email's content. If
you are not the intended recipient, please notify the sender
immediately and then delete the email and any attachments from your
system.

RNIB has made strenuous efforts to ensure that emails and any
attachments generated by its staff are free from viruses. However, it
cannot accept any responsibility for any viruses which are
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email
and any attachments are those of the author and do not necessarily
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: Problems with old MSIE 5.0

I dont think theese browsers are supported, no. However, quite a few clients
are using them still and our customers does not accept us tossing our hands
in the air and saying that we dont support all browsers. It has worked in
the past, and therefore it is our problem that theese browsers are indeed
broken. We have had a similar problem with 56 bit browsers before, and had a
lot of problems convincing our customers that the browsers are broken.

-Torvald
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: Problems with old MSIE 5.0

That hasn't answered my question about which exact version it is. Is it SP1,
SP2, SP3 or no service pack? Those are the details that are needed to look
into this. If in fact the end user hasn't applied Microsoft's patches to
Microsoft's browser, how can that be your problem?

-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk

After over 144 years, there's still no fossil evidence of Evolution.
> -----Original Message-----
> From: Torvald Baade Bringsvor [mailto:Torvald.Bringsvor@ergo.no]
> Sent: 29 July 2003 11:21
> To: 'modssl-users@modssl.org'
> Subject: RE: Problems with old MSIE 5.0
>
>
> I dont think theese browsers are supported, no. However,
> quite a few clients
> are using them still and our customers does not accept us
> tossing our hands
> in the air and saying that we dont support all browsers. It
> has worked in
> the past, and therefore it is our problem that theese
> browsers are indeed
> broken. We have had a similar problem with 56 bit browsers
> before, and had a
> lot of problems convincing our customers that the browsers are broken.
>
> -Torvald
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>

-

NOTICE: The information contained in this email and any attachments is
confidential and may be legally privileged. If you are not the
intended recipient you are hereby notified that you must not use,
disclose, distribute, copy, print or rely on this email's content. If
you are not the intended recipient, please notify the sender
immediately and then delete the email and any attachments from your
system.

RNIB has made strenuous efforts to ensure that emails and any
attachments generated by its staff are free from viruses. However, it
cannot accept any responsibility for any viruses which are
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email
and any attachments are those of the author and do not necessarily
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: Problems with old MSIE 5.0

Sorry, I misunderstood this.

As it turns out, it is not W2k as I said in my original post, it is Win98
SE, and there is no MSIE service pack installed.


-Torvald
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: Problems with old MSIE 5.0

Neither the browser or the OS is supported by Microsoft anymore,
http://support.microsoft.com/default.aspx?scid=fh;en-gb;life win98, with the
exception of security fixes and paid support.

Are the users aware of this? They can upgrade to IE5.5 or 6 for free
(although I doubt that this will go down particularly well).

I don't see a great deal of point in putting resources into solving this
one, except to ask what SSLSessionCache settings are you using? These have
been known to cause problems with IE.

-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk

After over 144 years, there's still no fossil evidence of Evolution.

> -----Original Message-----
> From: Torvald Baade Bringsvor [mailto:Torvald.Bringsvor@ergo.no]
> Sent: 29 July 2003 11:33
> To: 'modssl-users@modssl.org'
> Subject: RE: Problems with old MSIE 5.0
>
>
> Sorry, I misunderstood this.
>
> As it turns out, it is not W2k as I said in my original post,
> it is Win98
> SE, and there is no MSIE service pack installed.
>
>
> -Torvald
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>

-

NOTICE: The information contained in this email and any attachments is
confidential and may be legally privileged. If you are not the
intended recipient you are hereby notified that you must not use,
disclose, distribute, copy, print or rely on this email's content. If
you are not the intended recipient, please notify the sender
immediately and then delete the email and any attachments from your
system.

RNIB has made strenuous efforts to ensure that emails and any
attachments generated by its staff are free from viruses. However, it
cannot accept any responsibility for any viruses which are
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email
and any attachments are those of the author and do not necessarily
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Problems with old MSIE 5.0

> ----- Original Message -----
> From: "Torvald Baade Bringsvor"
> To:
> Sent: Tuesday, July 29, 2003 11:21 AM
> Subject: RE: Problems with old MSIE 5.0


> I dont think theese browsers are supported, no. However, quite a few
clients
> are using them still and our customers does not accept us tossing our
hands
> in the air and saying that we dont support all browsers. It has worked in
> the past, and therefore it is our problem that theese browsers are indeed
> broken. We have had a similar problem with 56 bit browsers before, and had
a
> lot of problems convincing our customers that the browsers are broken.

MSIE 5.0 was only available from Microsoft for a very short period - because
there were so many SECURITY issues with 5.0, MS very quickly released MSIE
5.01 - at the same time, they [mostly] fixed the broken SSL implementation.

These versions had significant security issues, AND very buggy SSL:
5.00.2014.0216 Internet Explorer 5
5.00.2314.1003 Internet Explorer 5 Office 2000
5.00.2614.3500 Internet Explorer 5 Windows 98 Second Edition
5.00.2516.1900 Internet Explorer 5 Windows 2000 Beta 3
5.00.2919.800 Internet Explorer 5 Windows 2000 RC1
5.00.2919.3800 Internet Explorer 5 Windows 2000 RC2

I note that you say you are using the Win98/2 version? Unusual in the
corporate environment.

The first version that works reasonably reliably with SSL is 5.00.2919.6307
which is actually IE 5.01

If your customers are still using MSIE 5.0 then you have a security
obligation to 'toss your hands in the air' and get them to move as soon as
possible. If you are aware of the issues [ and you are now 8-) ] and you
don't inform them, do you become liable? Your requirement to use SSL seems
to indicate that security might be important to your customers.

I work for an ASP that provides dynamic sites and services for banks - we
did have a bank using 5.0 attempt to use our services. When we waved the
security banner, the users PCs were upgraded to a later version of IE within
two weeks. In the meantime, they used Netscape.

If you managed to get IE5.0 working RELIABLY with SSL in the past, then you
are the first person I have ever met who makes that claim. A posting of the
httpd.conf settings that work would be valuable.

The most obvious solution to your problem is to roll-back to the working
version / configuration.


Regards
Jeff

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: Problems with old MSIE 5.0

It seemes that you are right that SSLSessionCache is important! I set up a
test server (with 2.0.47) and it worked when SSLSessionCache was enabled,
but didnt when it was disabled. What I will do next is to reconfigure the
production environment with SSLSessionCache enabled, and we will see if that
cured it.

Thanks!

-Torvald


-----Original Message-----
From: John.Airey@rnib.org.uk [mailto:John.Airey@rnib.org.uk]
Sent: 29. juli 2003 13:02
To: modssl-users@modssl.org
Subject: RE: Problems with old MSIE 5.0


Neither the browser or the OS is supported by Microsoft anymore,
http://support.microsoft.com/default.aspx?scid=fh;en-gb;life win98, with the
exception of security fixes and paid support.

Are the users aware of this? They can upgrade to IE5.5 or 6 for free
(although I doubt that this will go down particularly well).

I don't see a great deal of point in putting resources into solving this
one, except to ask what SSLSessionCache settings are you using? These have
been known to cause problems with IE.

-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk

After over 144 years, there's still no fossil evidence of Evolution.

> -----Original Message-----
> From: Torvald Baade Bringsvor [mailto:Torvald.Bringsvor@ergo.no]
> Sent: 29 July 2003 11:33
> To: 'modssl-users@modssl.org'
> Subject: RE: Problems with old MSIE 5.0
>
>
> Sorry, I misunderstood this.
>
> As it turns out, it is not W2k as I said in my original post,
> it is Win98
> SE, and there is no MSIE service pack installed.
>
>
> -Torvald
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>

-

NOTICE: The information contained in this email and any attachments is
confidential and may be legally privileged. If you are not the
intended recipient you are hereby notified that you must not use,
disclose, distribute, copy, print or rely on this email's content. If
you are not the intended recipient, please notify the sender
immediately and then delete the email and any attachments from your
system.

RNIB has made strenuous efforts to ensure that emails and any
attachments generated by its staff are free from viruses. However, it
cannot accept any responsibility for any viruses which are
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email
and any attachments are those of the author and do not necessarily
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: Problems with old MSIE 5.0

I use

SSLSessionCache shm:logs/ssl_scache(512000)
SSLSessionCacheTimeout 300

and it works for me...

John

> -----Original Message-----
> From: Torvald Baade Bringsvor [mailto:Torvald.Bringsvor@ergo.no]
> Sent: 29 July 2003 12:48
> To: 'modssl-users@modssl.org'
> Subject: RE: Problems with old MSIE 5.0
>
>
> It seemes that you are right that SSLSessionCache is
> important! I set up a
> test server (with 2.0.47) and it worked when SSLSessionCache
> was enabled,
> but didnt when it was disabled. What I will do next is to
> reconfigure the
> production environment with SSLSessionCache enabled, and we
> will see if that
> cured it.
>
> Thanks!
>
> -Torvald
>

-

NOTICE: The information contained in this email and any attachments is
confidential and may be legally privileged. If you are not the
intended recipient you are hereby notified that you must not use,
disclose, distribute, copy, print or rely on this email's content. If
you are not the intended recipient, please notify the sender
immediately and then delete the email and any attachments from your
system.

RNIB has made strenuous efforts to ensure that emails and any
attachments generated by its staff are free from viruses. However, it
cannot accept any responsibility for any viruses which are
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email
and any attachments are those of the author and do not necessarily
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: Problems with old MSIE 5.0

what I tried was the default, dbm

But perhaps shm is quicker....

-Torvald


-----Original Message-----
From: John.Airey@rnib.org.uk [mailto:John.Airey@rnib.org.uk]
Sent: 29. juli 2003 14:05
To: modssl-users@modssl.org
Subject: RE: Problems with old MSIE 5.0


I use

SSLSessionCache shm:logs/ssl_scache(512000)
SSLSessionCacheTimeout 300

and it works for me...

John

> -----Original Message-----
> From: Torvald Baade Bringsvor [mailto:Torvald.Bringsvor@ergo.no]
> Sent: 29 July 2003 12:48
> To: 'modssl-users@modssl.org'
> Subject: RE: Problems with old MSIE 5.0
>
>
> It seemes that you are right that SSLSessionCache is
> important! I set up a
> test server (with 2.0.47) and it worked when SSLSessionCache
> was enabled,
> but didnt when it was disabled. What I will do next is to
> reconfigure the
> production environment with SSLSessionCache enabled, and we
> will see if that
> cured it.
>
> Thanks!
>
> -Torvald
>

-

NOTICE: The information contained in this email and any attachments is
confidential and may be legally privileged. If you are not the
intended recipient you are hereby notified that you must not use,
disclose, distribute, copy, print or rely on this email's content. If
you are not the intended recipient, please notify the sender
immediately and then delete the email and any attachments from your
system.

RNIB has made strenuous efforts to ensure that emails and any
attachments generated by its staff are free from viruses. However, it
cannot accept any responsibility for any viruses which are
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email
and any attachments are those of the author and do not necessarily
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org