Microsoft KB Archive/170985

= FIX: ASP Incorrectly Delivers SSL Data in 32 Kilobyte Segments =

Article ID: 170985

Article Last Modified on 3/7/2005

-

APPLIES TO


 * Microsoft Active Server Pages 4.0

-



This article was previously published under Q170985



SYMPTOMS
When you use Secure Sockets Layer (SSL) to access Active Server Pages (ASP) pages, Netscape Navigator may encounter input/output (I/O) rrrors. Microsoft Internet Explorer does not display an obvious error; however, other problems may occur in your application as a result of this problem.



CAUSE
Microsoft Internet Information Server (IIS) 3.0 incorrectly segments SSL data into 32 kilobyte (KB) segments. This violates the SSL 3.0 specification, which suggests a maximum SSL segment size of 16 KB. Browsers that assume a 16 KB maximum segment size may encounter problems if they accept 32 KB chunks.



RESOLUTION
To work around this problem, do not allow ASP to send segments of data that are larger than 16 KB. Use the following methods to reduce the SSL segment size that ASP sends:  Try to turn on ASP buffering. This may work, depending on the length of the ASP page.

NOTE: This may be difficult for pages that use Response.Redirect). If your ASP page contains very large sections of HTML code, follow these steps to divide the HTML into multiple writes to the browser:   To turn on buffering, add the following line before the  tag at the top of the ASP file:     <% Response.Buffer = True %>                          To break the HTML into chunks that are smaller than 16 KB, insert the following line of code periodically in the file:      <% Response.Flush %>                         </ul>

<div class="status_section">

STATUS
Microsoft has confirmed that this is a bug in the Microsoft products that are listed at the beginning of this article.

This bug was corrected in IIS 4.0 and Microsoft Windows 2000.

<div class="references_section">