Flex app works with Firefox but not with IE when using SSL

Multiple users have run into the issue where the same Flex app works fine with Firefox but doesn't work with IE. So what is the difference between Firefox and IE when SSL is involved? Here is a list of the causes of the problem and how to resolve them:

Note: If the first request fails but a refresh works, then you need to enable the IE option “Do not save encrypted pages to disk”; make sure it is selected.

1. By default the IE header is set to no-cache.
This may cause problems when your Flex app is using SSL. You can change the header setting as described in this TechNote. That will keep the data on the client long enough for the player to read it.
To change the header, follow the steps here to change the setting at the HTML level or the web server level.

You also need to double-check the channel-definition in services-config.xml (see this TechNote):

<channel-definition id="my-secure-amf" class="mx.messaging.channels.SecureAMFChannel">
    <endpoint uri="https://{server.name}:{server.port}{context.root}/flex2gateway/" class="flex.messaging.endpoints.SecureAMFEndpoint"/>
    <properties>
        <add-no-cache-headers>false</add-no-cache-headers>
    </properties>
</channel-definition>
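
One way to run that double-check across a whole services-config.xml, as an added example (not part of the original post or of any Adobe tooling): this Python script lists every channel with an https endpoint whose add-no-cache-headers is not set to false. The sample config and the function name are constructed for illustration, and a missing element is assumed to behave like true.

```python
import xml.etree.ElementTree as ET

# Constructed sample config (not from a real deployment): one secure channel
# configured as the article recommends, one secure channel missing the
# setting, and one plain-HTTP channel that the check ignores.
SAMPLE_CONFIG = """
<services-config>
  <channels>
    <channel-definition id="my-secure-amf" class="mx.messaging.channels.SecureAMFChannel">
      <endpoint uri="https://{server.name}:{server.port}{context.root}/flex2gateway/"
                class="flex.messaging.endpoints.SecureAMFEndpoint"/>
      <properties>
        <add-no-cache-headers>false</add-no-cache-headers>
      </properties>
    </channel-definition>
    <channel-definition id="other-secure-amf" class="mx.messaging.channels.SecureAMFChannel">
      <endpoint uri="https://{server.name}:{server.port}{context.root}/other/"
                class="flex.messaging.endpoints.SecureAMFEndpoint"/>
    </channel-definition>
    <channel-definition id="my-amf" class="mx.messaging.channels.AMFChannel">
      <endpoint uri="http://{server.name}:{server.port}{context.root}/flex2gateway/"
                class="flex.messaging.endpoints.AMFEndpoint"/>
      <properties/>
    </channel-definition>
  </channels>
</services-config>
"""

def channels_sending_no_cache(config_xml):
    """Return ids of HTTPS channels not set to add-no-cache-headers=false."""
    root = ET.fromstring(config_xml)
    flagged = []
    for channel in root.iter("channel-definition"):
        endpoint = channel.find("endpoint")
        uri = endpoint.get("uri", "") if endpoint is not None else ""
        if not uri.lower().startswith("https://"):
            continue  # the IE problem described above only concerns SSL endpoints
        setting = channel.findtext("properties/add-no-cache-headers")
        # Assumption: a missing element is treated like "true" (headers are added).
        if setting is None or setting.strip().lower() != "false":
            flagged.append(channel.get("id"))
    return flagged

if __name__ == "__main__":
    for channel_id in channels_sending_no_cache(SAMPLE_CONFIG):
        print("secure channel still adds no-cache headers:", channel_id)
```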

2. Self-signed certificate configuration
If you are using a self-signed certificate, or an invalid certificate, then you will not be able to access HTTPS from IE, although it works in Firefox. An easy test shows the problem. For example, suppose you are using the ColdFusion gateway as follows: https://localhost:8700/cfusion/flex2gateway/
If you browse to that URL in Firefox, it returns a blank page without a security popup. A blank page means that the gateway is working correctly.
If you access that URL from IE, you get a security popup dialog; once you select “Yes”, IE returns a blank page. As you can see, IE is intercepting the request, so Flex can't get to it automatically. However, after you select “Yes”, which means your IE browser has accepted the URL as a trusted address, your Flex app will work fine. So manually accepting the URL may be okay for internal testing, but you need a valid certificate for production.

3. IE limits connections per server. See the following links:

http://support.microsoft.com/kb/183110/

http://blogs.msdn.com/ie/archive/2005/04/11/407189.aspx

To avoid the problem, you can work around it on the client side or the server side.
If you can control the client machine, then you can follow the suggestion in http://support.Microsoft.com/kb/183110/ to increase the limit.
If you can't do that, you can change the endpoint to make IE think the requests go to different URLs.
Two approaches:
a) Use the concept described in this blog

http://weblogs.macromedia.com/pent/archives/2005/02/operating_in_pa.cfm

and set the endpoint in your data services like this:
<mx:RemoteObject
    id="myService"
    endpoint="https://www.my.com:8700/cfusion/flex2gateway/?foo=1"
    destination="ColdFusion"
    source="HelloWorld">
….

<mx:RemoteObject
    id="myService"
    endpoint="https://www.my.com:8700/cfusion/flex2gateway/?foo=2"
    destination="ColdFusion"
    source="HelloWorld">
…..

b) Configure IIS to serve www1.my.com and www2.my.com, and set the endpoints to
endpoint=http://www1.my.com:8700/cfusion/flex2gateway/
endpoint=http://www2.my.com:8700/cfusion/flex2gateway/

4. Another cause can be that a proxy server is in use. Even if you have Keep Alive set to true in IE, you can still get one-connection-per-file. The following is from an article about this topic, which includes how to check the proxy server:

Keepin Alive

In most cases, Internet Explorer uses the Keep-Alive option in HTTP 1.1 so that it can reuse a connection to fetch several files. This takes advantage of a connection that has already been warmed up, saving all the connection startup overhead.

However, there is one common situation where IE is very conservative and does not use Keep-Alive; that is when a proxy server is in use. In those cases it drops back to the old one-connection-per-file mode, which can kill performance. That rule may have made sense 10 years ago when IE was new and proxy servers were flakey, but any proxy worth using today should handle Keep-Alive with no problems.

Do you know if your connection is using a proxy server? You may be surprised to find out that you are. Some security software uses proxies to filter Web pages, for example. To see if your connection is using a proxy, start IE and click Tools, Internet Options, Connections. Click the LAN Settings button and see if the Use A Proxy Server box is checked.

Here is how to check your HTTP 1.1 settings: In IE, click Tools, Internet Options, and the Advanced tab. Scroll down to Connection and make sure that both of these boxes are checked: Use HTTP 1.1 and Use HTTP 1.1 Through Proxy Servers.

http://www.pctoday.com/editorial/article.asp?article=articles/2006/t0409/26t09/26t09.asp&guid=