Possible I/O errors in LANSA for the Web when connecting via HTTPS to an Apache Server

Date:Archived
Product/Release:LANSA for the Web
Abstract:Possible I/O errors in LANSA for the Web when connecting via HTTPS to an Apache Server
Submitted By:LANSA Technical Support

Description:

If your LANSA for the Web application is using HTTPS to an Apache Server including mod_ssl and OpenSSL with Microsoft Internet Explorer, there is a possibility that you might experience various (and random) errors. These can be a result of lower level problems or I/O errors in the Apache error log, for example, abnormal end of script header errors.

One known reason is that the SSL implementation in some Microsoft Internet Explorer (MSIE) versions have defects which relate to the HTTP keep-alive facility and the SSL close notify shutdown alerts on socket connection close.

Solution:

To workaround these problems you need to force Apache+mod_ssl+OpenSSL to not use HTTP/1.1, keep-alive connections or not send SSL close notify messages to MSIE clients.

This can be done by using a directive in your SSL-aware virtual host section:

SetEnvIf User-Agent ".*MSIE.*" \
             nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0

These are not explicitly LANSA for the Web issues but are Apache related problems that you may experience if you use Apache as your Web server.  For more suggestions and other Apache problem descriptions please see this link:
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC49