Web Agent Guides › Web Agent Configuration Guide › Troubleshooting › iPlanet WebServer Shows Blank Page when Using Basic over SSL

iPlanet WebServer Shows Blank Page when Using Basic over SSL

Symptom:

iPlanet WebServer shows a blank page when using Basic over SSL. The way Microsoft Internet Explorer (MSIE) handles SSL version 3 (SSLv3) and Transport

Transport Layer Security (TLS) keep-alive connections cause interoperability problems with non-Microsoft web servers such as the iPlanet web server. When accessing a web server over SSL (https://) connections, Internet Explorer may inappropriately display error messages or blank pages.

Solution:

iPlanet Web Server 6.0 SP2 introduces new functionality to work around this problem. The following two remedies are possible:

• Add the following line immediately below the <Object name="default"> line in the server's obj.conf files:

  AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
  

  This line instructs the server to not send a close_notify alert when it closes SSLv3 connections from MSIE browsers. The close_notify packet is a required component of the SSLv3 and TLS specifications, but it is misinterpreted by MSIE.

  Note: The close_notify packet is used in SSLv3 and TLS connections to inform the other party in the transaction that the connection is being closed. Instructing iPlanet WebServer to not send the close_notify packet may make MSIE vulnerable to a truncation attack.

• Add the following line immediately below the <Object name="default"> line in the server's obj.conf files:

  AuthTrans fn="match-browser" browser="*MSIE*" keep-alive="disabled"
  

  This line instructs the server to disable keep-alive connections for Internet Explorer browsers. Disabling keep-alive connections may decrease your server's performance.