MSIE Patch level

Hi to all,

i've a problem apparently imputable to MS Internet Explorer.

I run an Apache 1.3.22 with modssl 2.8.5 and openssl 0.9.6i.
The connection is established on a standard https with "SSLVerifyClient
require" option.

All works fine if i use mozilla (ver. 1.5 and later), but when i use IE
the connection is established correctly only when i install some patch.
My experience on this problem is that only combinations of O.S. version,
O.S. service pack, IE version, IE service pack and IE patch works
correctly and other combinations doesn't work.

Does anybody knows other valid combinations of such pieces of software
that works properly?

Does anybody knows if modss and openssl has some glitch or bug that
cause that problem?

TIA for the time you want to dedicate to this issue.

Working combinations:
Win XP Pro SP1
IE 6.0.2800.1106: SP1; Q832894

Win 2k Pro SP4
IE 6.0.2800.1106: SP1; Q832894

Win 2k Pro SP2
IE 6.0.2800.1106: SP1

Win 2k Pro SP2
IE 5.50.4807.2300: SP1; Q832894

Win 2k Pro
IE 6.0.2800.1106: SP1; Q832894
or
IE 5.00.2195: SP2; SRP1; Q329115; Q323172


--
Mario Ottone
Arsretia S.r.l.
Via D. Sansotta, 97
00144 Roma (IT)
e-mail: m.ottone@arsretia.net
Tel.: +390652270097
Fax : +390652272313



____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: MSIE Patch level

Hi Mariom

I did some change to the config related to M$IE 6.0.
I increased the KeepAliveTimeout to 360.
I removed the general rule for M$IE and SSL and set it to

SetEnvIf User-Agent ".*MSIE.*" ssl-unclean-shutdown
SetEnvIf User-Agent ".*MSIE 5.*" ssl-unclean-shutdown nokeepalive
downgrade-1.0 force-response-1.0

It is only for https pages (SSLEngine on). The rest is mostly default.

This is all to enable keepalive and HTTP/1.1 for M$IE 6.0. I didn't pay
attention to M$IE < 5.0 because my customer didn't use this once.

I hope this helps you.

Regards
Sven.

Am Di, den 13.07.2004 schrieb Mario Ottone um 00:30:
> Hi to all,
>
> i've a problem apparently imputable to MS Internet Explorer.
>
> I run an Apache 1.3.22 with modssl 2.8.5 and openssl 0.9.6i.
> The connection is established on a standard https with "SSLVerifyClient
> require" option.
>
> All works fine if i use mozilla (ver. 1.5 and later), but when i use IE
> the connection is established correctly only when i install some patch.
> My experience on this problem is that only combinations of O.S. version,
> O.S. service pack, IE version, IE service pa
> ck and IE patch works
> correctly and other combinations doesn't work.
>
> Does anybody knows other valid combinations of such pieces of software
> that works properly?
>
> Does anybody knows if modss and openssl has some glitch or bug that
> cause that problem?
>
> TIA for the time you want to dedicate to this issue.
>
> Working combinations:
> Win XP Pro SP1
> IE 6.0.2800.1106: SP1; Q832894
>
> Win 2k Pro SP4
> IE 6.0.2800.1106: SP1; Q832894
>
> Win 2k Pro SP2
> IE 6.0.2800.1106: SP1
>
> Win 2k Pro SP2
> IE 5.50.4807.2300: SP1; Q832894
>
> Win 2k Pro
> IE 6.0.2800.1106: SP1; Q832894
> or
> IE 5.00.2195: SP2; SRP1; Q329115; Q323172
>

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: MSIE Patch level

Thanks, Sven, for your answer, but i miss some important informations...
- the server is only a frontend for Catalina (jsp container), the HTML=20
is dynamically generated, and only images are static and managed by apach=
e
- the audience for this site is not under my control and then i cannot=20
force a specific version of a browser

Sven Geisler wrote:

>Hi Mariom
>
>I did some change to the config related to M$IE 6.0.
>I increased the KeepAliveTimeout to 360.
> =20
>
see previous information

>I removed the general rule for M$IE and SSL and set it to=20
>
>SetEnvIf User-Agent ".*MSIE.*" ssl-unclean-shutdown
>SetEnvIf User-Agent ".*MSIE 5.*" ssl-unclean-shutdown nokeepalive
>downgrade-1.0 force-response-1.0
>
> =20
>
these settings are already activated

>It is only for https pages (SSLEngine on). The rest is mostly default.
>
>This is all to enable keepalive and HTTP/1.1 for M$IE 6.0. I didn't pay
>attention to M$IE < 5.0 because my customer didn't use this once.
>
>I hope this helps you.
>
>Regards
>Sven.
> =20
>
I cannot find any information neither from Microsoft site nor from=20
Internet newsgroup, so i hope that other people with similar problem=20
wants to exchange their experiences on this type of problem.
I didn't find on Microsoft site information about interdependencies=20
between service pack and patches, this may help but, only if you=20
navigate through the site and read every patches release comment,=20
perhaps you find this informations.

Bye.




>Am Di, den 13.07.2004 schrieb Mario Ottone um 00:30:
> =20
>
>>Hi to all,
>>
>>i've a problem apparently imputable to MS Internet Explorer.
>>
>>I run an Apache 1.3.22 with modssl 2.8.5 and openssl 0.9.6i.
>>The connection is established on a standard https with "SSLVerifyClient=
=20
>>require" option.
>>
>>All works fine if i use mozilla (ver. 1.5 and later), but when i use IE=
=20
>>the connection is established correctly only when i install some patch.
>>My experience on this problem is that only combinations of O.S. version=
,=20
>>O.S. service pack, IE version, IE service pa
>>ck and IE patch works=20
>>correctly and other combinations doesn't work.
>>
>>Does anybody knows other valid combinations of such pieces of software=20
>>that works properly?
>>
>>Does anybody knows if modss and openssl has some glitch or bug that=20
>>cause that problem?
>>
>>TIA for the time you want to dedicate to this issue.
>>
>>Working combinations:
>>Win XP Pro SP1
>>IE 6.0.2800.1106: SP1; Q832894
>>
>>Win 2k Pro SP4
>>IE 6.0.2800.1106: SP1; Q832894
>>
>>Win 2k Pro SP2
>>IE 6.0.2800.1106: SP1
>>
>>Win 2k Pro SP2
>>IE 5.50.4807.2300: SP1; Q832894
>>
>>Win 2k Pro
>>IE 6.0.2800.1106: SP1; Q832894
>>or
>>IE 5.00.2195: SP2; SRP1; Q329115; Q323172
>>
>> =20
>>
>
>___________________________________________________________ ___________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List modssl-users@modssl.org
>Automated List Manager majordomo@modssl.org
> =20
>

--=20
Mario Ottone
Arsretia S.r.l.
Via D. Sansotta, 97
00144 Roma (IT)
e-mail: m.ottone@arsretia.net
Tel.: +390652270097
Fax : +390652272313

INFORMAZIONE RISERVATA E CONFIDENZIALE Questo messaggio contiene
informazioni riservate e confidenziali. Se il lettore non fosse il
destinatario del messaggio, inoltrato e ricevuto per errore, il testo dov=
r=E0
essere immediatamente cancellato dal computer del ricevente. E'
assolutamente proibita qualunque circolazione, disseminazione o copia del
messaggio spedito e/o ricevuto per errore. AVVERTENZA: I messaggi e-mail =
non
offrono chiara evidenza del loro ricevimento e, quindi, per istruzioni
relative a pratiche in scadenza consigliamo di utilizzare mezzi di
comunicazione alternativi.

CONFIDENTIALITY and WARNING NOTICE This message may contain legally
privileged or confidential information. If the reader is not the intended
recipient, you received this message in error and it should therefore be
deleted from your computer at once. Any dissemination,distribution and
copying of a message mistakenly sent or received is strictly forbidden.
E-mail does not give positive evidence of receipt, for pending deadlines
alternative back-up is highly recommended.

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org