Hi all,

This is a pretty specific problem, but I'm hoping someone can help me out. I'm trying to apply the fix to the mod_ssl handshake bug with Internet Explorer, which is starting to drive our customers batty. I've found instructions on the modssl.org site ( http://www.modssl.org/docs/2.8/ssl_faq.html#ToC49 ), but my dedicated server provider seems to have set up the httpd.conf in a way unlike every example I've seen: I have no SSL-aware default virtual host set up, and my knowledge of Apache is quicky expanding, but still limited. I have a ticket in with my provider, but seeing as they have notoriously slow support, I thought I'd ask here, too. ;) Thanks for any tips on where I should place the code!

I'm not sure I follow what you're saying, but I'm guessing what you mean is that your <VirtualHost> is the same for the domain(s) whether or not SSL is used... eg, there's not a specific container for SSL-related stuff.

You can put this in the <VirtualHost> anyway -- or even in the server-wide part of the conf file -- but this will pretty much disable keepalives and HTTP/1.1 for all connections, which is probably undesirable.

On the other hand, if you can find what variable is set when SSL is in use (a search didn't turn up anything, but perhaps looking for the proper port number?) you could do this:

SetEnvIf User-Agent ".*MSIE.*" && Something Else \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

Where Something Else is would be something to determine if it's an SSL connection. I did test SetEnvIf with multiple conditions as above, but I don't have an SSL server available...

Hope this helps.

That was extremely helpful, Jman.. thanks for getting me on the right track!

Yes, you are correct ..

We posted here a few weeks back about this very same problem, most don't even know the problem exists, it effects form data being sent and thus sales. We had to put in that same setting for our server a while back and the problem went away for our users ..




Originally posted by jezzicuh
That was extremely helpful, Jman.. thanks for getting me on the right track!

I'm glad to have been helpful. It's funny, though, I've personally seen this problem on servers before, and didn't even know a solution existed for it. I only learned of it from the original post regarding SetEnvIf, and searching from there.

I do have a couple servers where I'll be fixing this issue very shortly thanks to this thread ;) Most notably is a Raq4 I'm stuck working with, where the site is 100% SSL. We'd found before that IE 4.0 has a much harder time with this than 5.x, and Windows 98 is worse that Win2k. With Win2k and IE 5.5, it seems to be very rare, but Win98 with IE 4.0 is't about every other form post (and sometimes just clicking a link does it).

I have this same problem but also have a Cp/WHM box. I can't figure out what to do. Any help would be apprecaited :)