Bug #346

SSL Errors and MSIE

Added by Anonymous almost 11 years ago. Updated over 9 years ago.

Target version:
Start date:
Due date:
% Done:


Missing in 1.5.x:


This issue may be related to Ticket #311

Excerpt from the Apache mod_ssl FAQ (

When I connect via HTTPS to an Apache+mod_ssl server with Microsoft Internet Explorer (MSIE) I sometimes get I/O errors and the message "bad data from the server". What's the reason? L

The reason is that MSIE's SSL implementation has some subtle bugs related to the HTTP keep-alive facility and the SSL close notify alerts on socket connection close. You've to work-around this by forcing Apache+mod_ssl to not use keep-alive connections and not sending the SSL close notify messages to MSIE clients. This can be done by using the following directive in your SSL-aware virtual host section:

    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

So for lighttpd, we should make special note in the documentation to add the following when using SSL so that MSIE works properly:

$SERVER["socket"] == "" {
  $HTTP["useragent"] =~ ".*MSIE.*" {
    server.max-keep-alive-requests = 0

-- cody


#1 Updated by Anonymous almost 11 years ago

As for not sending the SSL close notify message, we will need to come up with a solution for that.

-- cody

#2 Updated by conny over 10 years ago

  • Status changed from New to Fixed
  • Resolution set to fixed

Note taken in FrequentlyAskedQuestions#SSL. I agree that the primary docs should mention this as well, as it seems to be a common problem.

#3 Updated by Anonymous over 9 years ago

This also affects AJAX calls using IE6 specifically. IE7 doesn't seem to have this bug, but man is it annoying to not know about. I had this problem when using both prototype.js and mootools, and it's the browser/server interaction that seems to be the problem. I believe this fixes the issue, but I'm still testing.

-- ooglek

#4 Updated by Anonymous over 9 years ago

so it should be:

  $HTTP["useragent"] =~ ".*MSIE [456]\..*" {
    server.max-keep-alive-requests = 0

-- mOo

Also available in: Atom