SquirrelMail  
Internet Explorer versus SSL

The problem comes from buggy handling of the combination SSL+POST+HTTP Keep-Alive in Internet Explorer. Problems with this combination have been around in different shapes since at least IE5.

Problem

Users of Internet Explorer experience the following:

Sometimes when using different functions of SquirrelMail, especially when composing mail (adding an attachment or pushing Send), Internet Explorer either:

  • Goes into some form of limbo - the flag in the upper right corner is waving, but nothing happens.
  • Displays an error page in the right-hand frame
  • Pops up a dialogue box saying (English version) "This page contains both secure and nonsecure items. Do you want to display the nonsecure items? Yes/No/More Info". It does not matter if you push Yes or No - you don't get any further.

Cause

Internet Explorer + SSL + HTTP POST + HTTP Keep-Alive enabled + HTTP Keep-Alive timeout below 60 seconds = poor mix. Given all of these conditions at once, Internet Explorer will misbehave. It seems Internet Explorer simply cannot cope with a Keep-Alive timeout lower than 60 seconds when performing POST operations to an SSL-enabled webserver. Remove any one ingredient (no SSL, a GET instead of a POST, keep-alive disabled, or a timeout of 60 seconds or more) and the problem goes away.

Solution

Configure your webserver with a Keep-Alive timeout of 60 seconds or more. In Apache 1.3 and 2.0 the default is 15 seconds; Apache 2.2 and later lowered the default to 5 seconds, so a default installation of any Apache version is below the limit.

In Apache, use this directive: KeepAliveTimeout 60

In Lighttpd, use this directive: server.max-keep-alive-idle = 60

or, to disable keep-alive only for Internet Explorer clients (the connection is then closed after each request, so the timeout never matters):

$HTTP["useragent"] =~ "MSIE" { server.max-keep-alive-requests = 0 }

The directive can be used both globally and within each virtualhost. Be aware that raising the timeout consumes more resources on heavily loaded webservers: every idle keep-alive connection ties up a server process or thread for up to the full timeout before it is released. Read the Apache documentation for more information.

Or, for Apache 2, set it to not use keep-alive at all for Internet Explorer clients connecting via SSL by adding this to your configs (put it inside the SSL virtualhost if you want it to apply only to SSL connections; at the global level it affects plain HTTP as well):

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

(Remember to restart your webserver after making the changes)
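To verify what a server actually advertises after the change, the following script (an added example, not SquirrelMail project code) parses the Connection and Keep-Alive headers of an HTTP response and reports whether a given request would hit the Internet Explorer + SSL + POST + keep-alive-timeout-below-60-seconds combination described above. The sample responses are constructed in the shape Apache produces; the live `fetch_response_head` helper, the user-agent strings and the "risky"/"ok"/"unknown" labels are this example's own assumptions.

```python
"""Check a server's advertised keep-alive behaviour against the
IE + SSL + POST + keep-alive-timeout-below-60-seconds condition.
Added example, not SquirrelMail code; sample responses are constructed."""
import http.client
import ssl

IE_SAFE_TIMEOUT = 60  # seconds; the threshold the page identifies


def parse_response_headers(raw):
    """Split a raw HTTP response (bytes) into (version, [(name, value), ...])."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    version = lines[0].split(" ", 1)[0]  # e.g. "HTTP/1.1"
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return version, headers


def keep_alive_settings(version, headers):
    """Return (persistent, timeout_seconds_or_None) as the server advertises them."""
    connection = None
    timeout = None
    for name, value in headers:
        lname = name.lower()
        if lname == "connection":
            connection = value.lower()
        elif lname == "keep-alive":
            # Apache format: "Keep-Alive: timeout=15, max=100"
            for part in value.split(","):
                key, _, val = part.strip().partition("=")
                if key.strip().lower() == "timeout" and val.strip().isdigit():
                    timeout = int(val.strip())
    if version == "HTTP/1.0":
        persistent = connection == "keep-alive"  # HTTP/1.0 closes unless opted in
    else:
        persistent = connection != "close"  # HTTP/1.1 persists unless told otherwise
    return persistent, timeout


def assess(raw_response, user_agent, method="POST", tls=True):
    """Classify one request/response pair:
    'ok'      - at least one ingredient of the bad mix is missing
    'risky'   - IE, SSL, POST, keep-alive on and timeout below 60 s
    'unknown' - keep-alive on but the server did not advertise a timeout
    """
    version, headers = parse_response_headers(raw_response)
    persistent, timeout = keep_alive_settings(version, headers)
    ingredients = ("MSIE" in user_agent, tls, method.upper() == "POST", persistent)
    if not all(ingredients):
        return "ok"
    if timeout is None:
        return "unknown"
    return "ok" if timeout >= IE_SAFE_TIMEOUT else "risky"


def fetch_response_head(host, port=443):
    """Live variant (assumed helper): HEAD over TLS with an IE user-agent,
    returned as raw status line plus headers. Not used by the offline samples."""
    ctx = ssl.create_default_context()
    conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=10)
    conn.request("HEAD", "/", headers={"User-Agent": IE_UA})
    resp = conn.getresponse()
    lines = ["HTTP/1.%d %d %s" % (resp.version % 10, resp.status, resp.reason)]
    lines += ["%s: %s" % (k, v) for k, v in resp.getheaders()]
    conn.close()
    return ("\r\n".join(lines) + "\r\n\r\n").encode("iso-8859-1")


# Constructed sample data (assumptions of this example).
IE_UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
FIREFOX_UA = "Mozilla/5.0 (X11; Linux i686) Firefox/1.5"
APACHE_DEFAULT = (b"HTTP/1.1 200 OK\r\nServer: Apache\r\n"
                  b"Connection: Keep-Alive\r\nKeep-Alive: timeout=15, max=100\r\n"
                  b"Content-Type: text/html\r\n\r\n")
APACHE_FIXED = APACHE_DEFAULT.replace(b"timeout=15", b"timeout=60")
NO_KEEPALIVE = (b"HTTP/1.1 200 OK\r\nServer: Apache\r\nConnection: close\r\n"
                b"Content-Type: text/html\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("default", APACHE_DEFAULT), ("fixed", APACHE_FIXED),
                       ("nokeepalive", NO_KEEPALIVE)):
        print(label, assess(raw, IE_UA))
```

Run it against the constructed samples to see "risky" for a stock Apache timeout, "ok" once KeepAliveTimeout is 60, and "ok" when keep-alive is switched off for MSIE clients; for a real server, feed the output of `fetch_response_head(host)` to `assess` instead. Note that lighttpd does not send a Keep-Alive header, so a persistent connection with no advertised timeout is reported as "unknown" rather than guessed.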

More information

Stephen Kirkham at the University of Alberta has written a paper about the problem - http://telanis.cns.ualberta.ca/

Good description of the problem, but he hasn't discovered the 60 second magic limit :-)

© 1999-2016 by The SquirrelMail Project Team