imp & ssl, good news
Mark Nienberg
mark@tippingmar.com
Wed, 11 Apr 2001 10:18:45 -0700
As you may remember from previous posts, my imp via ssl setup
worked perfectly except for two browser clients (MS IE 5 on win9x
without SP1, and MS IE 5 for mac). I previously posted that the
following line in httpd.conf solved the problem:
SSLProtocol all -SSLv3
and it does, except that it makes all connections use SSLv2 instead
of the more recent SSLv3.
The following technique also solves the problem without the adverse
side effect described above. Add the following lines to httpd.conf,
putting them OUTSIDE the ssl virtual hosts section:
SSLSessionCache dbm:/etc/httpd/logs/cache_ssl
SSLSessionCacheTimeout 300
This sets up a session cache file. Change the location depending
on your directory structure, RedHat 7 is shown above. You can
also do this with shared memory instead of hard disk space. See
the mod_ssl documentation for directions.
I suspect that veteran apache and ssl admins all do something like
this anyway and that is why they don't see the problem. The default
SSL setup in RedHat 7 doesn't do it though, so newbies like me fall
into the trap.
Mark W. Nienberg, SE
Tipping Mar + associates
Berkeley, CA