Here are some shots in the dark for you:

When I tried to tighten down the ciphers and SSL protocols on my server,
some (but not all) users on both IE6 and IE7 started to get that "page not
found" error (although my log error was something like "re-negotiate
failed"). I found that IE7 will fail to renegotiate with an SSLv3-only
server if IE7 is configured to use both TLSv1 and SSLv3 (I guess it tries
really hard to use TLSv1). I plan to support SSLv3 and TLSv1 to address
this problem.

Specifically:
Didn't work:
SSLProtocol -all +SSLv3
or
SSLProtocol SSLv3
Did work:
SSLProtocol all -SSLv2
or
SSLProtocol -all +SSLv3 +TLSv1

(I prefer the last incantation, which protects against the unexpected
change in definition of 'all' after an Apache upgrade)

I also had this, to tighten up the ciphers:
SSLCipherSuite HIGH:MEDIUM


Also, if your stock config files don't already do it, you may want to
implement the "fixes" for broken versions of IE (prior to IE6, I believe):
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

although the first line is different for newer versions of Apache:
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0



On Thu, 31 May 2007, John Nichel wrote:

> Hi List,
>
> I having an issue here on a newly setup webserver that I'm hoping you
> can help me with. For some reason, when some of our customers click to
> go into the secure area of our site, they're getting the Plain Jane IE
> error page of "Page cannot be displayed". When this happens, I get an
> error like this in the error log:
>
>> [Thu May 31 09:29:10 2007] [error] mod_ssl: SSL handshake interrupted by
>> system [Hint: Stop button pressed in browser?!] (System error follows)
>> [Thu May 31 09:29:10 2007] [error] System: Connection reset by peer (errno:
>> 104)

>

__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org