RE: [cobalt-users] PHP/CGI and weird SSL problem
- From: "Phil Beynon" <phil@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu Feb 12 15:04:01 2004
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
> > Do a phpinfo and check the environment variables such as
> > _ENV["HTTPS"] and around that area.
> > Have you determined if it is browser specific?
> >
> > A workaround would be to just drop the variables into a MySQL
> > table and a session id cookie onto the user then pick them up
> > again on page 2, not ideal but a quicker fix.
> >
> > Phil
>
>
>
> Thanks Phil
>
> Just for the archives I think we have solved this problem.
>
> Big thanks to Greg Sloman who pointed me in the right direction.
> It seems to be a problem related to IE and timeouts on https connections.
> There seem to be two fixes.
>
> 1. From the Sun forum >>> (watch the line wrap)
> http://cobalt-forum.sun.com/forum/index.php?t=msg&th=6288&rid=&S=e2ca86ab7fb20c517caf68d356097cca&pl_view=&start=0#msg_106463
>
> <snip>
>
> The solution is simple.
> Don't ask me why it works, but it works.
> We are doing it this way for 4 years now :-)
>
> In your httpd.conf change
>
> # KeepAliveTimeout: Number of seconds to wait for the next request
>
> #KeepAliveTimeout 15
>
> KeepAliveTimeout 90
>
> So set the time out from 15 to 90
>
> That's all.
>
> <snip>
>
>
>
> 2. Perl hack to httpd.conf provided by Sun in 2002!!
>
> <snip>
>
> # Hardcoded, issues with mod_perl and cobalt modules.
> if (/^<\/Virtual/ and (-f "/etc/httpd/ssl/$group")) {
> $ret = ssl_cert_check("/home/sites/$group/certs/");
> if ($ret=~/^2/o) {
> $PerlConfig .= "Listen $ip:443\n";
> $PerlConfig .= "<VirtualHost $ip:443>\n";
> # added for ie ssl bug fix 26-7-02
> $PerlConfig .= "SetEnvIf User-Agent \".*MSIE.*\" \\n";
> $PerlConfig .= " nokeepalive ssl-unclean-shutdown \\n";
> $PerlConfig .= " downgrade-1.0 force-response-1.0 \n";
> $PerlConfig .= "SSLengine on\n";
> $PerlConfig .= "SSLCertificateFile /home/sites/$group/certs/certificate\n";
> $PerlConfig .= "SSLCertificateKeyFile /home/sites/$group/certs/key\n";
> $PerlConfig .= join('', @ssl_conf);
> } elsif (ssl_cert_check("/home/sites/home/certs/") =~ /^2/ ) {
> $PerlConfig .= "Listen $ip:443\n";
> $PerlConfig .= "<VirtualHost $ip:443>\n";
> # added for ie ssl bug fix 26-7-02
> $PerlConfig .= "SetEnvIf User-Agent \".*MSIE.*\" \\n";
> $PerlConfig .= " nokeepalive ssl-unclean-shutdown \\n";
> $PerlConfig .= " downgrade-1.0 force-response-1.0 \n";
> $PerlConfig .= "SSLengine on\n";
> $PerlConfig .= "SSLCertificateFile /home/sites/home/certs/certificate\n";
> $PerlConfig .= "SSLCertificateKeyFile /home/sites/home/certs/key\n";
> $PerlConfig .= join('', @ssl_conf);
> } else {
> print STDERR "Site $group has invalid certificate: $ret\n";
> }
> }
> }
> }
> close HTTPD_CONF;
>
> </snip>
>
>
>
> We have tried number 1 (so far) and initial testing looks good!!
>
>
> Thanks again Greg!
>
> Paul.
Paul,
It's probably worth copying that to the cert issuer as well, along with
the version of IE that was affected.
90 sec is a heck of a long timeout for a computer!
Phil
** http://www.diygear.com THE Online DIY Toolstore For DIY & Business
** Infolink Electronic Systems Ltd. http://www.infolinkelectronics.co.uk
** Professional Web Design & Cobalt Hosting Solutions
** Sun Cobalt iForce Reseller - Canon Silver Reseller
** Contact: Sales@xxxxxxxxxxxxxxxxxxxxxxxxx
** Tel / Fax 0121 458 4894 (office) 0121 441 3558 (home)
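
An added example, not part of the thread and not Sun's code: a small Python check that reads httpd.conf text, joins the backslash continuations used by the SetEnvIf block, and reports the server-wide KeepAliveTimeout together with any SSL virtual hosts that lack the MSIE workaround. The sample config, its addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample config: fix 1 (global KeepAliveTimeout 90) plus one SSL
# vhost carrying fix 2 (the MSIE SetEnvIf block) and one without it.
SAMPLE_CONF = r'''
# KeepAliveTimeout: Number of seconds to wait for the next request
#KeepAliveTimeout 15
KeepAliveTimeout 90
<VirtualHost 192.0.2.10:443>
SetEnvIf User-Agent ".*MSIE.*" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0
SSLengine on
</VirtualHost>
<VirtualHost 192.0.2.11:443>
SSLengine on
</VirtualHost>
'''

def logical_lines(text):
    """Join backslash-continued lines, then drop blanks and comments."""
    for line in re.sub(r'\\\r?\n', ' ', text).splitlines():
        line = line.strip()
        if line and not line.startswith('#'):
            yield line

def audit(text):
    """Report the global KeepAliveTimeout and SSL vhosts lacking the MSIE fix."""
    timeout = None  # None means the directive is not set at server level
    vhosts, current = {}, None
    for line in logical_lines(text):
        words = line.split()
        key = words[0].lower()
        if key == '<virtualhost':
            current = words[1].rstrip('>')
            vhosts[current] = {'ssl': False, 'msie_fix': False}
        elif key == '</virtualhost>':
            current = None
        elif current is None:
            if key == 'keepalivetimeout':
                timeout = int(words[1])
        elif key == 'sslengine':
            vhosts[current]['ssl'] = words[1].lower() == 'on'
        elif key == 'setenvif' and 'MSIE' in line:
            needed = {'nokeepalive', 'ssl-unclean-shutdown'}
            vhosts[current]['msie_fix'] = needed <= set(words)
    missing = sorted(v for v, s in vhosts.items() if s['ssl'] and not s['msie_fix'])
    return {'keepalive_timeout': timeout, 'ssl_vhosts_missing_msie_fix': missing}

if __name__ == '__main__':
    print(audit(SAMPLE_CONF))
```

Fix 1 changes the idle wait for every client on the server; fix 2 only affects requests whose User-Agent matches MSIE on the SSL virtual hosts.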