When I connect via HTTPS to an Apache with Mod_SSL or OpenSSL server with Microsoft Internet Explorer (MSIE), I get various I/O errors. Why?

In some MSIE versions, the SSL implementation has some subtle bugs related to the HTTP keep-alive facility and the SSL close notify alerts on socket connection. Additionally, you need to solve the issues between SSL and HTTP/1.1 features by using Mod_SSL or OpenSSL to force Apache to not use HTTP/1.1, keep-alive connections or sending the SSL close notify messages to MSIE clients. This can be done by using the following directive in your SSL-aware virtual host section:

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

Additionally, some MSIE versions have problems with particular ciphers. Unfortunately, those with MSIE clients cannot work around these bugs, because the ciphers are already used in the SSL handshake phase. Instead, you’ll have to make more drastic adjustments to the global parameters. Before you decide to do this, make sure your clients really have problems. If not, do not do this, because it will affect ALL your clients.