Posted to users@tomcat.apache.org by Francis Galiegue <fg...@gmail.com> on 2006/05/08 21:44:57 UTC

"This page contains secure and non secure elements" (was "mod_jk : "connection aborted or network problems", but apache and tomcat are on the same machine??")

OK, I have some more information...

The whole webapp is served through mod_ssl, as such (in the webapp
specific config file):

----
<VirtualHost the.server.name:443>
[...]
        SSLEngine on
        SSLProtocol all -SSLv2
        SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:-MEDIUM:-SSLv2:-LOW:-eNULL
        SSLOptions +StdEnvVars +ExportCertData
        SSLCertificateKeyFile conf/ssl.key/one2team.key
        SSLCertificateFile conf/ssl.crt/one2team.crt
[...]
----

The dates of the messages in jk.log match precisely the moment where
users see a security popup (well, at least during work hours) warning
them that the page contains secure and non secure items. When they
choose to see the page anyway, IE says that "the page cannot be
loaded" (doh). Those same pages work fine the rest of the time.

But IE is not the only "culprit", since Firefox users also get the
warning and observe the same behaviour: ask to view the page anyway,
but it immediately fails to load - this time with a message saying
(translated from French, so very probably inaccurate) 'Timeout - The
server took too much time to respond'. Whether you click Yes
immediately or 5 seconds later.

From what I've read, this message can appear when an empty response is
sent back to the browser, even if this response is supposedly SSL (the
mod_ssl configuration looks fine AFAICT). I use konqueror myself, but
don't use the site regularly enough that I encountered this problem.

The question which I still didn't find an answer for is what mod_jk
actually calls the client...

TIA,
--
Francis Galiegue, fgaliegue@gmail.com, fg@one2team.com, fg6@wanadoo.fr
One2team - 12bis rue de la Pierre Levée, 75011 Paris - 0143381980
"When it comes to performance, weight is everything" - Tiff Needell

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: "This page contains secure and non secure elements" (was "mod_jk : "connection aborted or network problems", but apache and tomcat are on the same machine??")

Posted by Francis Galiegue <fg...@gmail.com>.
2006/5/8, Marc Farrow <ma...@gmail.com>:
> You said it gives a warning in Firefox, but IE doesn't allow page to be
> pulled up.

No, both fail to load it. The only benefit of Firefox is its more
accurate error message.

--
Francis Galiegue, fgaliegue@gmail.com, fg@one2team.com, fg6@wanadoo.fr
One2team - 12bis rue de la Pierre Levée, 75011 Paris - 0143381980
"When it comes to performance, weight is everything" - Tiff Needell



Re: "This page contains secure and non secure elements" (was "mod_jk : "connection aborted or network problems", but apache and tomcat are on the same machine??")

Posted by Marc Farrow <ma...@gmail.com>.
You said it gives a warning in Firefox, but IE doesn't allow page to be
pulled up.  I am pretty sure this is a security setting within IE (and can
be disabled or changed to prompt) and not anything you can control (however
the user/client could).  You would have to remove the warning totally to get
around it.

On 5/8/06, Francis Galiegue <fg...@gmail.com> wrote:
>
> OK, I have some more information...
>
> The whole webapp is served through mod_ssl, as such (in the webapp
> specific config file):
>
> ----
> <VirtualHost the.server.name:443>
> [...]
>        SSLEngine on
>        SSLProtocol all -SSLv2
>        SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:-MEDIUM:-SSLv2:-LOW:-eNULL
>        SSLOptions +StdEnvVars +ExportCertData
>        SSLCertificateKeyFile conf/ssl.key/one2team.key
>        SSLCertificateFile conf/ssl.crt/one2team.crt
> [...]
> ----
>
> The dates of the messages in jk.log match precisely the moment where
> users see a security popup (well, at least during work hours) warning
> them that the page contains secure and non secure items. When they
> choose to see the page anyway, IE says that "the page cannot be
> loaded" (doh). Those same pages work fine the rest of the time.
>
> But IE is not the only "culprit", since Firefox users also get the
> warning and observe the same behaviour: ask to view the page anyway,
> but it immediately fails to load - this time with a message saying
> (translated from French, so very probably inaccurate) 'Timeout - The
> server took too much time to respond'. Whether you click Yes
> immediately or 5 seconds later.
>
> From what I've read, this message can appear when an empty response is
> sent back to the browser, even if this response is supposedly SSL (the
> mod_ssl configuration looks fine AFAICT). I use konqueror myself, but
> don't use the site regularly enough that I encountered this problem.
>
> The question which I still didn't find an answer for is what mod_jk
> actually calls the client...
>
> TIA,
> --
> Francis Galiegue, fgaliegue@gmail.com, fg@one2team.com, fg6@wanadoo.fr
> One2team - 12bis rue de la Pierre Levée, 75011 Paris - 0143381980
> "When it comes to performance, weight is everything" - Tiff Needell


--
Marc Farrow

Re: "This page contains secure and non secure elements" (was "mod_jk : "connection aborted or network problems", but apache and tomcat are on the same machine??")

Posted by Jim Jagielski <ji...@jaguNET.com>.
On May 8, 2006, at 3:44 PM, Francis Galiegue wrote:

> OK, I have some more information...
>
> The whole webapp is served through mod_ssl, as such (in the webapp
> specific config file):
>

Not sure if this was already mentioned, but check to make
sure that all resources are either relative or else
use the https: scheme. If the returned content has even
one img src or css link that points to a http: link, then
the error will occur.

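The check suggested in the last reply (every resource either relative or using the https: scheme), as an added example that is not part of the original thread: it parses a page as served over HTTPS and reports each subresource that resolves to http:, including the case where a `<base href>` silently turns relative URLs insecure. The function and class names, the sample HTML and the `example.invalid` hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that make the browser fetch a subresource. <a href> is a
# navigation target, not a subresource, so it is deliberately absent.
FETCH_ATTRS = {
    "img": "src", "script": "src", "iframe": "src", "frame": "src",
    "embed": "src", "input": "src", "object": "data", "link": "href",
}

class MixedContentFinder(HTMLParser):
    """Collect subresources that resolve to http: on a page served over https:."""
    def __init__(self, page_url):
        super().__init__()
        self.base = page_url          # changes if the page carries <base href>
        self.findings = []            # (line, tag, resolved_url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href"):
            # A <base href="http://..."> turns every later relative URL insecure.
            self.base = urljoin(self.base, attrs["href"])
            return
        value = attrs.get(FETCH_ATTRS.get(tag, ""))
        if not value:
            return
        resolved = urljoin(self.base, value.strip())
        if urlsplit(resolved).scheme == "http":
            self.findings.append((self.getpos()[0], tag, resolved))

def find_mixed_content(html, page_url):
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; host names other than the vhost are placeholders.
SAMPLE = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<link rel="stylesheet" href="http://static.example.invalid/theme.css">
<script src="//cdn.example.invalid/lib.js"></script>
</head><body>
<img src="images/logo.png">
<img src="HTTP://the.server.name/images/banner.png">
<a href="http://www.example.invalid/">plain link, not a subresource</a>
</body></html>"""

if __name__ == "__main__":
    for line, tag, url in find_mixed_content(SAMPLE, "https://the.server.name/app/"):
        print(f"line {line}: <{tag}> loads {url}")
```

Relative and scheme-relative (`//host/...`) references inherit https: from the page and are not reported; every `<link href>` is checked regardless of its `rel`, so a non-fetching link such as `rel="canonical"` can show up as a false positive.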