Firefox SSL handshake error after Apache upgrade

Hello!

I'm using Apache 2.2 with mod_ssl. Under the DocumentRoot of my SSL
virtual host there is a subdirectory which requires client certificates.
It has such .htaccess file:

------ .htaccess ------
SSLVerifyClient Require
SSLVerifyDepth 3

SSLOptions +StdEnvVars +ExportCertData

------ .htaccess ------

This has been working for couple of years. Two weeks ago I upgraded Apache
from 2.2.9 to 2.2.13. After that, Firefox users visiting this directory
started to get this error page:

SSL peer was not expecting a handshake message it received.

(Error code: ssl_error_handshake_unexpected_alert)

When they click "Try again", the error condition clears and expected page
is displayed.

MSIE did not show this behaviour, but when I tried with Firefox 3.0 and
3.5 they both behave the same.

The error message in Apache log is:

[error] [client 12.34.56.78] Re-negotiation handshake failed: Not accepted
by client!?

Since I didn't know what to do, I copied the section of httpd-ssl.conf
which is meant to accommodate MSIE and modified it for Firefox:

BrowserMatch ".*Firefox.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

That made the error go away. I could stop here and be satisfied with that,
but I'm really curious about why this started happening, and most
importantly, of course, who is guilty, Firefox or Apache ;) Or, if this is
a case of PEBKAC, perhaps someone can point out what I'm doing wrong.

--
Toomas

.... When an agnostic dies, does he go to the "great perhaps"?

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org