Bug #346

SSL Errors and MSIE

Added by Anonymous about 9 years ago. Updated over 7 years ago.

Status:FixedStart date:
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:core
Target version:-
Missing in 1.5.x:

Description

This issue may be related to Ticket #311

Excerpt from the Apache mod_ssl FAQ (http://www.modssl.org/docs/2.5/ssl_faq.html):

When I connect via HTTPS to an Apache+mod_ssl server with Microsoft Internet Explorer (MSIE) I sometimes get I/O errors and the message "bad data from the server". What's the reason? L

The reason is that MSIE's SSL implementation has some subtle bugs related to the HTTP keep-alive facility and the SSL close notify alerts on socket connection close. You've to work-around this by forcing Apache+mod_ssl to not use keep-alive connections and not sending the SSL close notify messages to MSIE clients. This can be done by using the following directive in your SSL-aware virtual host section:


    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

So for lighttpd, we should make special note in the documentation to add the following when using SSL so that MSIE works properly:


$SERVER["socket"] == "0.0.0.0:443" {
  $HTTP["useragent"] =~ ".*MSIE.*" {
    server.max-keep-alive-requests = 0
  }
}

-- cody

History

#1 Updated by Anonymous about 9 years ago

As for not sending the SSL close notify message, we will need to come up with a solution for that.

-- cody

#2 Updated by conny over 8 years ago

  • Status changed from New to Fixed
  • Resolution set to fixed

Note taken in FrequentlyAskedQuestions#SSL. I agree that the primary docs should mention this as well, as it seems to be a common problem.

#3 Updated by Anonymous over 7 years ago

This also affects AJAX calls using IE6 specifically. IE7 doesn't seem to have this bug, but man is it annoying to not know about. I had this problem when using both prototype.js and mootools, and it's the browser/server interaction that seems to be the problem. I believe this fixes the issue, but I'm still testing.

-- ooglek

#4 Updated by Anonymous over 7 years ago

so it should be:


  $HTTP["useragent"] =~ ".*MSIE [456]\..*" {
    server.max-keep-alive-requests = 0
  }

-- mOo

Also available in: Atom