Bug #346
closedSSL Errors and MSIE
Description
This issue may be related to Ticket #311
Excerpt from the Apache mod_ssl FAQ (http://www.modssl.org/docs/2.5/ssl_faq.html):
When I connect via HTTPS to an Apache+mod_ssl server with Microsoft Internet Explorer (MSIE) I sometimes get I/O errors and the message "bad data from the server". What's the reason? L
The reason is that MSIE's SSL implementation has some subtle bugs related to the HTTP keep-alive facility and the SSL close notify alerts on socket connection close. You've to work-around this by forcing Apache+mod_ssl to not use keep-alive connections and not sending the SSL close notify messages to MSIE clients. This can be done by using the following directive in your SSL-aware virtual host section:
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
So for lighttpd, we should make special note in the documentation to add the following when using SSL so that MSIE works properly:
$SERVER["socket"] == "0.0.0.0:443" {
$HTTP["useragent"] =~ ".*MSIE.*" {
server.max-keep-alive-requests = 0
}
}
-- cody
Updated by Anonymous over 18 years ago
As for not sending the SSL close notify message, we will need to come up with a solution for that.
-- cody
Updated by conny about 18 years ago
- Status changed from New to Fixed
- Resolution set to fixed
Note taken in FrequentlyAskedQuestions#SSL. I agree that the primary docs should mention this as well, as it seems to be a common problem.
Updated by Anonymous about 17 years ago
This also affects AJAX calls using IE6 specifically. IE7 doesn't seem to have this bug, but man is it annoying to not know about. I had this problem when using both prototype.js and mootools, and it's the browser/server interaction that seems to be the problem. I believe this fixes the issue, but I'm still testing.
-- ooglek
Updated by Anonymous about 17 years ago
so it should be:
$HTTP["useragent"] =~ ".*MSIE [456]\..*" {
server.max-keep-alive-requests = 0
}
-- mOo
Also available in: Atom