> I've run across a conflict between the mod_ssl FAQ
> and the configuration which the distribution seems to actually
> install. The FAQ recommends the following as a workaround for
> problems with MSIE:
>
> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
>
> However, the configuration installed with mod_ssl 2.6 out of the box
> does this instead:
>
> BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0
> force-response-1.0
>
> The difference of course is that the former hits *all* MSIE browsers,
> including recent ones which seem to get along fine without the
> workaround. Also, closing the connection each time, as mandated in
> the FAQ, has a considerable performance cost, to the point that one
> site which I'm involved with stopped using SSL completely as a
> temporary workaround. (They're not dealing with confidential data
> *yet*, but they will).
In my install of mod_ssl, I did get the
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
line set in my httpd.conf, look in the SSL virtual host. That one is only
for the SSL portion of the server. The BrowserMatch line you describe is a
specific workaround for MSIE 4.0b2 browsers for the entire server.
I actually had to add "downgrade-1.0 force-response-1.0" to the SetEnvIf
line to get reliable responses back to MSIE browsers, and Ralf mentioned
that this will be going into the default configuration and FAQ (although it
doesn't appear to be there yet).
-Dave
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
