Bug #346

SSL Errors and MSIE

Added by Anonymous over 11 years ago. Updated over 10 years ago.

Status: Fixed
Priority: Normal
Assignee: -
Category: core
Target version: -
Start date:
Due date:
% Done: 0%
Missing in 1.5.x:

Description

This issue may be related to Ticket #311

Excerpt from the Apache mod_ssl FAQ (http://www.modssl.org/docs/2.5/ssl_faq.html):

When I connect via HTTPS to an Apache+mod_ssl server with Microsoft Internet Explorer (MSIE) I sometimes get I/O errors and the message "bad data from the server". What's the reason?

The reason is that MSIE's SSL implementation has some subtle bugs related to the HTTP keep-alive facility and the SSL close notify alerts on socket connection close. You've to work-around this by forcing Apache+mod_ssl to not use keep-alive connections and not sending the SSL close notify messages to MSIE clients. This can be done by using the following directive in your SSL-aware virtual host section:


    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

So for lighttpd, we should make special note in the documentation to add the following when using SSL so that MSIE works properly:


    $SERVER["socket"] == "0.0.0.0:443" {
      $HTTP["useragent"] =~ ".*MSIE.*" {
        server.max-keep-alive-requests = 0
      }
    }

-- cody

History

#1 Updated by Anonymous over 11 years ago

As for not sending the SSL close notify message, we will need to come up with a solution for that.

-- cody

#2 Updated by conny over 11 years ago

  • Status changed from New to Fixed
  • Resolution set to fixed

Note taken in FrequentlyAskedQuestions#SSL. I agree that the primary docs should mention this as well, as it seems to be a common problem.

#3 Updated by Anonymous over 10 years ago

This also affects AJAX calls using IE6 specifically. IE7 doesn't seem to have this bug, but man is it annoying to not know about. I had this problem when using both prototype.js and mootools, and it's the browser/server interaction that seems to be the problem. I believe this fixes the issue, but I'm still testing.

-- ooglek

#4 Updated by Anonymous over 10 years ago

so it should be:


  $HTTP["useragent"] =~ ".*MSIE [456]\..*" {
    server.max-keep-alive-requests = 0
  }

-- mOo
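
Added example (not part of the ticket or of lighttpd): a check of which clients each of the two User-Agent conditions above would switch keep-alive off for. It assumes lighttpd's `=~` is an unanchored regex search, modelled here with Python's `re.search`; the User-Agent strings and helper names are constructed for illustration.

```python
import re

# The two conditions quoted in this ticket.
BROAD = re.compile(r".*MSIE.*")            # from the ticket description
NARROW = re.compile(r".*MSIE [456]\..*")   # from comment #4

# Constructed sample User-Agent strings (not taken from the ticket).
SAMPLES = {
    "IE 5.5": "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)",
    "IE 6": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)",
    "IE 7": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)",
    "IE 10": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)",
    "Opera sending an IE 6 token":
        "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.50",
    "Firefox":
        "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) "
        "Gecko/20061010 Firefox/2.0",
}


def keepalive_disabled(pattern, user_agent):
    """True if the condition matches, i.e. max-keep-alive-requests = 0 applies."""
    return pattern.search(user_agent) is not None


def report():
    """Map each sample name to (broad_result, narrow_result)."""
    return {
        name: (keepalive_disabled(BROAD, ua), keepalive_disabled(NARROW, ua))
        for name, ua in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, (broad, narrow) in report().items():
        print(f"{name:30} broad={broad!s:5} narrow={narrow!s:5}")
```

The narrowed pattern leaves keep-alive on for IE 7 and later, but either pattern keys on a client-supplied header, so any client that sends an `MSIE 6.0` token is treated as IE 6.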
