<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=KOI8-R" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<br>
<br>
Igor Sysoev wrote:
<blockquote cite="mid:20090326174159.GJ13433@rambler-co.ru" type="cite">
<pre wrap="">On Thu, Mar 26, 2009 at 01:15:01PM -0400, Kurt Hansen wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Igor Sysoev wrote:
</pre>
<blockquote type="cite">
<pre wrap="">On Thu, Mar 26, 2009 at 09:42:46AM -0400, Kurt Hansen wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Now, I'm not sure where the problem is, the version of nginx, OpenSSL,
how nginx was compiled for this rpm, or the digital cert. I think the
digital cert is OK since it is working on all other browsers.
Are others having a problem with IE? Successes?
If you want to look at the cert with the problem, here it is:
<a class="moz-txt-link-freetext" href="https://donate.mercycorps.org/">https://donate.mercycorps.org/</a>
</pre>
</blockquote>
<pre wrap="">In my test MSIE 6.0 does not like certificate on the site.
</pre>
</blockquote>
<pre wrap="">Thanks for checking!
Yes, MSIE doesn't like the certifying authority. Maybe I have the CA
cert and the donate.mercycorps.org cert in the wrong order. I think they
root cause might by the SSLv3 not working, though.
If it were just the cert, I'd get a warning but it would let me connect.
With this problem, it won't let me connect if SSLv2 is disabled on the
client or the server.
</pre>
</blockquote>
<pre wrap=""><!---->
In SSLv2 mode the site sends the *.mercycorps.org cert only, so this is
the problem why MSIE does not like the cert.
As to SSLv3, could you show
ssl_ciphers
ssl_prefer_server_ciphers
directives ?
</pre>
</blockquote>
That explains the bad cert -- thanks!<br>
<br>
Here are the directives. For the ssl_ciphers, I copied what I was using
on Apache.<br>
<br>
ššš ssl_ciphersš ALL:!aNULL:!ADH:!eNULL:RC4+RSA:+HIGH:+MEDIUM:!LOW:!EXP;<br>
ššš ssl_prefer_server_ciphersšš on;<br>
<br>
<br>
Take care,<br>
<br>
Kurt<br>
</body>
</html>