[imp] SSL very slow in IE but not Firefox

Listaccount lst_hoe01 at kwsoft.de
Mon Oct 22 09:27:41 UTC 2007


Zitat von Cerephax Admin <admin at cerephax.com>:

> Hello,
>
> I am new to Horde & Imp, but have strong working knowledge of Apache and
> SSL. My question is:
>
> When attempting to access IMP (or Horde in general) through Internet
> Explorer (IE) via an SSL (HTTPS) connection, every page takes 10-15
> seconds to load. When that connection is switched to non-HTTPS, it loads
> instantly. However, on Firefox, whether or not one uses HTTP or HTTPS,
> the connection is fast every time. Some basic experimentation has led me
> to believe it is somehow related to javascript. Reasoning: When
> accessing non-javascript pages via SSL (HTTPS) in IE, the page loads
> fine. The second javascript is added to the code, the page takes 10-15
> seconds to load.
>
> So, is this a known issue with some code in Horde/IMP? Is there
> something I should change in order to allow for an HTTPS connection to
> be smooth and as fast as a HTTP connection in IE?

For all the SuSe distributions the following is in the Apache config  
files for ages and never had problems with IE and SSL while at least  
one person on this list replied that this settings for SSL/IE solved  
the problem. Nevertheless you should consult the Apache dokumentation  
what this settings does in detail.

SetEnvIf User-Agent ".*MSIE.*" \
          nokeepalive ssl-unclean-shutdown \

#   SSL Protocol Adjustments:
#   The safe and default but still SSL/TLS standard compliant shutdown
#   approach is that mod_ssl sends the close notify alert but doesn't wait for
#   the close notify alert from client. When you need a different shutdown
#   approach you can use one of the following variables:
#   o ssl-unclean-shutdown:
#     This forces an unclean shutdown when the connection is closed, i.e. no
#     SSL close notify alert is send or allowed to received.  This violates
#     the SSL/TLS standard but is needed for some brain-dead browsers. Use
#     this when you receive I/O errors because of the standard approach where
#     mod_ssl sends the close notify alert.
#   o ssl-accurate-shutdown:
#     This forces an accurate shutdown when the connection is closed, i.e. a
#     SSL close notify alert is send and mod_ssl waits for the close notify
#     alert of the client. This is 100% SSL/TLS standard compliant, but in
#     practice often causes hanging connections with brain-dead browsers. Use
#     this only for browsers where you know that their SSL implementation
#     works correctly.
#   Notice: Most problems of broken clients are also related to the HTTP
#   keep-alive facility, so you usually additionally want to disable
#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
#   "force-response-1.0" for this.


Regards

Andreas




More information about the imp mailing list