SSLVerifyClient with IE7

I've already asked the question in the users@httpd.apache.org mailing list
but here it might be more suitable:

I've setup a https site with Apache 2.0.52, mod_ssl 2.0.52 and OpenSSL
0.9.7a (Red Hat Enterprise Linux ES release 4 (Nahant Update 4)). A special
directory should be optional authenticated via client certificate. This
works with Firefox, Netscape, IE6 but not with IE7 (Windows XP SP2 and
Windows Vista).

When trying to access the page with IE7 the browser let me choose the client
certificate, let me enter the PIN for the smartcard but then shows the error
message "The browser can not connect to the site.". In the log files of the
server there's only 1 new line:

[error] Re-negotiation handshake failed: Not accepted by client!?

Here's the httpd.conf part for SSL:

SSLEngine on
SSLProtocol +SSLv3
SSLCipherSuite HIGH:MEDIUM:SSLv3
SSLCertificateFile /etc/httpd/conf/ssl.crt/mydomain.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/mydomain.key
SSLCACertificateFile /etc/httpd/conf/ssl.crt/mydomain.ca-bundle
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0

<Directory "/var/www/public/htdocs/protected">
SSLVerifyClient optional
SSLVerifyDepth 5
SSLOptions +FakeBasicAuth +StdEnvVars +ExportCertData +OptRenegotiate
</Directory>

Any suggestions?

-----
--
Trees die standing.
--
View this message in context: http://www.nabble.com/SSLVerifyClien...p15852947.html
Sent from the mod_ssl - Users mailing list archive at Nabble.com.

__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org