chanreayu
asked on
Problem with IE and apache/openssl: ssl connection hangs upon initial load
Hi,
Hope someone can help me out. Having a problem with an environment we are putting up
Using Apache 2.22
OpenSSL 0.9.8s 4 Jan 2012
(also tried 1.0.1)
Browser types IE 9 and IE 8
For some reason upon the initial load of the website, there is a "hang", seemingly during the handshake or something.
I tried this from my personal laptop and it did work no problem which is
IE 8 8.0.7601 (Windows 7)
Did not work from
IE 9 9.0.8112 (Windows 7)
and
IE 8 8.0.7601 (Windows 2008)
I couldn't find any differences in browser settings from my own to the IE on the actual client machines (sslv3 is checked, tls 1 is checked)
Doing a lot of google and most people seem to find success with the Browser Match like so:
BrowserMatch ".*MSIE [2-5].*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch ".*MSIE [6-9].*" ssl-unclean-shutdown
Didn't work for me.
I also found some playing with the SSLCipherSuite changing
# SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 (default)
to
SSLCipherSuite ALL:!ADH:!NULL:RC4+RSA:+HI
Which also didn't work.
Unfortunately we cannot test with any other browser besides IE because the application is programmed to turn away any browsers that are not IE :(
Here is the apache error log on debug:
[Thu Jan 31 11:14:32 2013] [debug] ssl_engine_kernel.c(1874):
[Thu Jan 31 11:14:32 2013] [debug] ssl_engine_kernel.c(1870):
[Thu Jan 31 11:14:32 2013] [info] Connection: Client IP: 192.168.1.241, Protocol: TLSv1, Cipher: AES128-SHA (128/128 bits)
===========THIS IS WHERE THE DELAY IS ==========================
[Thu Jan 31 11:14:47 2013] [debug] ssl_engine_io.c(1908): OpenSSL: I/O error, 5 bytes expected to read on BIO#8f1f60 [mem: d1f5f3]
[Thu Jan 31 11:14:47 2013] [info] [client 192.168.1.241] (70014)End of file found: SSL input filter read failed.
[Thu Jan 31 11:14:47 2013] [debug] ssl_engine_kernel.c(1884):
[Thu Jan 31 11:14:47 2013] [info] [client 192.168.1.241] Connection closed to child 4 with standard shutdown (server webid.refugee.gov.tr:443)
Any ideas?
Thank you!
Hope someone can help me out. Having a problem with an environment we are putting up
Using Apache 2.22
OpenSSL 0.9.8s 4 Jan 2012
(also tried 1.0.1)
Browser types IE 9 and IE 8
For some reason upon the initial load of the website, there is a "hang", seemingly during the handshake or something.
I tried this from my personal laptop and it did work no problem which is
IE 8 8.0.7601 (Windows 7)
Did not work from
IE 9 9.0.8112 (Windows 7)
and
IE 8 8.0.7601 (Windows 2008)
I couldn't find any differences in browser settings from my own to the IE on the actual client machines (sslv3 is checked, tls 1 is checked)
Doing a lot of google and most people seem to find success with the Browser Match like so:
BrowserMatch ".*MSIE [2-5].*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch ".*MSIE [6-9].*" ssl-unclean-shutdown
Didn't work for me.
I also found some playing with the SSLCipherSuite changing
# SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 (default)
to
SSLCipherSuite ALL:!ADH:!NULL:RC4+RSA:+HI
Which also didn't work.
Unfortunately we cannot test with any other browser besides IE because the application is programmed to turn away any browsers that are not IE :(
Here is the apache error log on debug:
[Thu Jan 31 11:14:32 2013] [debug] ssl_engine_kernel.c(1874):
[Thu Jan 31 11:14:32 2013] [debug] ssl_engine_kernel.c(1870):
[Thu Jan 31 11:14:32 2013] [info] Connection: Client IP: 192.168.1.241, Protocol: TLSv1, Cipher: AES128-SHA (128/128 bits)
===========THIS IS WHERE THE DELAY IS ==========================
[Thu Jan 31 11:14:47 2013] [debug] ssl_engine_io.c(1908): OpenSSL: I/O error, 5 bytes expected to read on BIO#8f1f60 [mem: d1f5f3]
[Thu Jan 31 11:14:47 2013] [info] [client 192.168.1.241] (70014)End of file found: SSL input filter read failed.
[Thu Jan 31 11:14:47 2013] [debug] ssl_engine_kernel.c(1884):
[Thu Jan 31 11:14:47 2013] [info] [client 192.168.1.241] Connection closed to child 4 with standard shutdown (server webid.refugee.gov.tr:443)
Any ideas?
Thank you!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER