SSL Form Post between IE6 and Apache 2.2 fails (This page cannot be displayed).

Posted on 2007-07-23
Last Modified: 2013-12-12
The Cry for HELP:
Any assistance and insight you can bring to my situation would be greatly appreciated.  I've spent over 12 hours troubleshooting.  I've also enlisted the help of a peer who spent over 8 hours on the issue.  We were unable to come up with a solution on our own.

The Scenario:
I am attempting to post form data including a file over SSL on IE 6.0 client served by Apache version 2.2 server.  The post fails with "This page cannot be displayed" error. (see simplified form below)  The php code works fine on all three browser versions on the "Old Server" environment.  However, on the "New Server" environment it fails on IE6.

The Theory:
This code works perfectly on IE6, IE7 or Firefox 2.0 with apache 2.0.  Further, this code works perfectly on IE7 and Firefox 2.0 with apache 2.2.  It only fails with the combination of IE6 and apache 2.2 which makes me think it's not a php.ini or apache configuration issue.  I suspect there is some incompatibility with the SSL handshake between Apache 2.2 and IE 6.  Another thought is that it might have something to do with mod_rewrite which is enabled on the "New Server" environment and not enabled on the "Old Server" environment.

The Client:
Windows XP Home

The New Server Environment:
FreeBSD 6.1
Apache 2.2.3
mod_rewrite enabled

Works in IE 7.0.5730.11
Works in Firefox "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20070713
Fails in IE 6.0.2900.2180.xpsp_sp2_dgr.050301-1519

The Old Server Environment:
Redhat Linux Fedora 1
Apache 2.0.50

Works in IE 7.0.5730.11
Works in Firefox "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20070713
Works in IE 6.0.2900.2180.xpsp_sp2_dgr.050301-1519

The failed php code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "">
<html xmlns="">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
if ($_POST['action']=='post') {
echo $_POST['Field1'] . '<br>';
echo $_POST['Field2'] . '<br>';
echo $_POST['Field3'] . '<br>';
echo $_POST['Field4'] . '<br>';
echo $_POST['Field5'] . '<br><br>';
echo $_FILES['file1']['tmp_name'];
<form action="test.php" method="post" enctype="multipart/form-data" name="form2" id="form2">
    <input type="text" name="Field1" id="Field1" />
    <input type="text" name="Field2" id="Field2" />
    <input type="text" name="Field3" id="Field3" />
    <input type="text" name="Field4" id="Field4" />
    <input type="text" name="Field5" id="Field5" />
    <input type="file" name="file1" id="file1" />
    <input type="hidden" name="action" value="post" />
    <input type="submit" name="Submit" id="Submit" value="Submit" />
Question by:edigitize
    LVL 48

    Expert Comment

    Are there any messages in the webserver log for ssl or non SSL if you acces the page?

    Author Comment

    Keeping in mind that this form posts to itself, there are no messages in the access_log or error_log when I click on the submit button to POST the form.  There is, of course, an entry in the access_log when the form initially loads (before submit).
    LVL 48

    Expert Comment

    First the form is typical called via GET then filled out and submited via POST-Method to the server. So there must be two entries in access_log, First get and then POST. So if there is no second entry in the access log the form is not posted back to the server.

    Author Comment

    Ok, on that we are agreed.  The form is not posted back to the server.  Oddly, this only happens on IE6 over SSL.  I can access the same form on IE6 with no SSL and it works perfectly.

    Also I should mention the following update when posting over SSL:
    Step 1: Load Form
    Step 2: Enter text & browse for file.
    Step 3: Click Submit
    Response: Page Could Not Be Displayed
    Step 4: Click Back
    Step 5: Enter text & browse for file.
    Step 6: Click Submit
    Response: For submits!

    My Thoughts:  It seems pretty strange that I can submit the form, get an error, go back, fill out the form exactly the same way, submit it again, and THEN it will post.  The response is consistant even after restarting the browser, restarting computer, etc.  The post goes through the second time after clicking on browser's back button.
    LVL 1

    Accepted Solution

    This is caused by IE6's incorrect handling of SSL connections. The simplest solution is to add the following in Apache 2.2.x configuration (ssl configuration is usually found in the file httpd-ssl.conf).

    BrowserMatch ".*MSIE.*" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0

    This should take care of the problem you were experiencing.

    Featured Post

    What Security Threats Are You Missing?

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Join & Write a Comment

    Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
    Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
    Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
    Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now