Speaking of the SSL defaults, has anyone come up with something better than:

    BrowserMatch ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0

Is anyone aware of any good reference that documents why the above code was added, and perhaps also explains how to test and what exactly the consequences of not using the snippet are?

I am willing to test recent IE versions to see how they behave, but it'd be nice if I could have a decent starting point.

On Wed, Nov 18, 2009 at 2:54 PM, Jeff Trawick <[email protected]> wrote:
> enable session cache by default?
>
> change SSLMutex default to "SSLMutex default" instead of "SSLMutex none"?
> (does this default to "none" to avoid checking if a session cache is
> enabled before creating the mutex?)

--
Ivan Ristic
ModSecurity Handbook [https://www.feistyduck.com]
SSL Labs [https://www.ssllabs.com/ssldb/]
