imp & ssl, good news

Mark Nienberg mark@tippingmar.com
Wed, 11 Apr 2001 10:18:45 -0700


As you may remember from previous posts, my imp via ssl setup 
worked perfectly except for two browser clients (MS IE 5 on win9x 
without SP1, and MS IE 5 for mac).  I previously posted that the 
following line in httpd.conf solved the problem:

SSLProtocol all -SSLv3

and it does, except that it makes all connections use SSLv2 instead 
of the more recent SSLv3.

The following technique also solves the problem without the adverse 
side effect described above.  Add the following lines to httpd.conf, 
putting them OUTSIDE the ssl virtual hosts section:

SSLSessionCache dbm:/etc/httpd/logs/cache_ssl
SSLSessionCacheTimeout 300

This sets up a session cache file.  Change the location depending 
on your directory structure; RedHat 7 is shown above.  You can 
also do this with shared memory instead of hard disk space.  See 
the mod_ssl documentation for directions.

I suspect that veteran apache and ssl admins all do something like 
this anyway and that is why they don't see the problem.  The default 
SSL setup in RedHat 7 doesn't do it though, so newbies like me fall 
into the trap. 

Mark W. Nienberg, SE
Tipping Mar + associates
Berkeley, CA
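
Added example (not part of the original post): a small Python check that reads an httpd.conf and reports on the two settings discussed above, namely whether SSLSessionCache is set at server level, outside any VirtualHost block, and whether an SSLProtocol line switches off SSLv3. The sample configuration and the function name audit_ssl_conf are constructed for illustration.

```python
import re

# Constructed sample httpd.conf, modelled on the layout the post describes.
SAMPLE_CONF = """\
SSLSessionCache dbm:/etc/httpd/logs/cache_ssl
SSLSessionCacheTimeout 300

<VirtualHost _default_:443>
    SSLEngine on
    SSLProtocol all -SSLv3
</VirtualHost>
"""

def audit_ssl_conf(text):
    """Return (findings, cache_ok) for the two settings discussed in the post."""
    findings = []
    depth = 0            # nesting level of <VirtualHost> blocks
    cache_ok = False     # True once a server-level session cache is seen
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r"<VirtualHost\b", line, re.I):
            depth += 1
            continue
        if re.match(r"</VirtualHost\s*>", line, re.I):
            depth = max(depth - 1, 0)
            continue
        parts = line.split()
        name, args = parts[0].lower(), parts[1:]
        if name == "sslsessioncache":
            if depth > 0:
                findings.append((lineno, "SSLSessionCache is inside a <VirtualHost> block"))
            elif args and args[0].lower() != "none":
                cache_ok = True
        elif name == "sslprotocol" and "-sslv3" in (a.lower() for a in args):
            findings.append((lineno, "SSLProtocol disables SSLv3"))
    if not cache_ok:
        findings.append((0, "no SSLSessionCache set at server level"))
    return findings, cache_ok

if __name__ == "__main__":
    for lineno, message in audit_ssl_conf(SAMPLE_CONF)[0]:
        print(f"line {lineno}: {message}")
```

A finding with line number 0 refers to the file as a whole rather than to one directive.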