Benjamin Scott wrote: > > On Fri, 8 Mar 2002, at 7:56pm, Kenneth E. Lussier wrote: > > Does anyone know how to configure Apache-SSL so that browsers can cache > > SSL encrypted documents? > > I'm not sure I understand your question. Are you serving objects, and the > browser is not caching them, and you think that is Apache's doing? Or are > you using Apache as a caching proxy, and you want *it* to cache SSL objects?
I have Apache-SSL serving pseudo-dynamic content via a PHP (yes, that horrid, insecure, evil language) script pulling data from MySQL. When I pull up the pages in a browser via http, the pages are cached, and I can do things such as export them to spreadsheets, etc. However, if I pull the pages via https, the pages are cached, and therefore, I can't export them. I'm hoping that it is an Apache thing, since that may be readily fixable. > The latter is not possible; the SSL encrypted stream is passed through to > the next system directly. > > The former depends on two things: The headers the web server sends to the > client, and what the client does on its own. I suspect many browsers are > configured internally to not cache encrypted objects. I know MSIE has an > option for this, for example. Not sure about Mozilla. It doesn't matter what settings I try in the client. None of them cache https docs (ie, mozilla, NS, and Opera). > As far as the headers go, if your content is dynamically generated (as it > often is for SSL), then it depends on what the generator (CGI script, for > example) sends for headers. If the generator does not set things explicitly, > then Apache will tell the client not to cache anything, since it was > dynamically generated. Hmmmm.... This could be the problem. I may need to force the issue with some good old fashioned HTML. > If you are serving a static (plain old disk file) object, ummm... I'm not > sure. Since the docs do not say or provide an option, either Apache's > default behavior should be in place (allow caching), or the SSL module is > explicitly using cache control headers to prohibit caching. Either way, I > suspect a journey to the source code will be required. I hate going there ;-) > > I thought that it was as easy as using the CachNegotiatedDocs setting, but > > I was apparently wrong. > > I assume you tried "CacheNegotatedDocs" as well? ;-) heh.. Yeah, that too ;-) C-Ya, Kenny --------------------------------------------------- Kenneth E. Lussier Geek by nature, Linux by choice PGP KeyID C0D2BA57 Public key http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0D2BA57 ***************************************************************** To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *****************************************************************
