On 21.07.2010 01:33, [email protected] wrote:
Author: gstein
Date: Tue Jul 20 23:33:18 2010
New Revision: 966055
URL: http://svn.apache.org/viewvc?rev=966055&view=rev
Log:
Fix up some SSL configuration, per issue #49484. IE6 had a hotfix released
for this problem quite a while back (see kb 921090), so restrict the
modified behavior to the old/unsupported browsers.
* docs/conf/extra/http-ssl.conf.in:
(): tighten up the regex to only select old MSIE browsers for the
downgrade in http behavior. this allows IE6 to run much faster.
Modified:
httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in
Modified: httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in
URL:
http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in?rev=966055&r1=966054&r2=966055&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in (original)
+++ httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in Tue Jul 20 23:33:18 2010
@@ -218,7 +218,7 @@ SSLCertificateKeyFile "@exp_sysconfdir@/
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
-BrowserMatch ".*MSIE.*" \
+BrowserMatch ".*MSIE [1-5].*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
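Review bot: on the changed BrowserMatch line, "[1-5]" followed by ".*" tests only the first digit after "MSIE ", so a User-Agent with a two-digit major version starting with 1 to 5 (for example "MSIE 10.0") would still get nokeepalive, downgrade-1.0 and force-response-1.0. Matching the dot as well, as in "MSIE [1-5]\.", keeps the rule on single-digit versions 1 to 5. The leading and trailing ".*" can be dropped, since BrowserMatch matches the pattern anywhere in the header. Note also that ssl-unclean-shutdown sits on the same directive, so narrowing the pattern removes it for IE6 and later as well, which the log message does not state as intended.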

There was a discussion[1,2] at some ApacheCon about improving defaults
for this BrowserMatch (and for SSLCipherSuite). The discussion ended
with the suggestion:

    BrowserMatch "MSIE" ssl-unclean-shutdown
    BrowserMatch "MSIE [2-5]" nokeepalive downgrade-1.0 force-response-1.0

So should we keep "ssl-unclean-shutdown" for all MSIE versions?

Regards,
Rainer

[1] http://marc.info/?t=125754163900002&r=1&w=2
[2] http://marc.info/?t=125754970200003&r=1&w=2
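
The three rule sets in this thread (the original line, the committed r966055 line, and the suggestion quoted in the reply) can be compared by running them over sample User-Agent strings. This is an added example, not part of the original messages or of httpd: the User-Agent strings are constructed, and Python's re module stands in for httpd's regex engine, an assumption that holds for these simple patterns.

```python
import re

ALL = frozenset({"nokeepalive", "ssl-unclean-shutdown",
                 "downgrade-1.0", "force-response-1.0"})

# Each rule set mirrors a list of BrowserMatch lines: (regex, variables set).
# BrowserMatch does an unanchored, case-sensitive search of the User-Agent,
# and every matching directive adds its variables to the request environment.
RULESETS = {
    "original": [(r".*MSIE.*", ALL)],
    "r966055": [(r".*MSIE [1-5].*", ALL)],
    "suggested": [
        (r"MSIE", frozenset({"ssl-unclean-shutdown"})),
        (r"MSIE [2-5]", ALL - {"ssl-unclean-shutdown"}),
    ],
}

# Constructed sample headers (not taken from the thread).
SAMPLE_AGENTS = {
    "IE 5.5": "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)",
    "IE 6.0": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
    "IE 8.0": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)",
    "two-digit version": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1)",
    "non-MSIE": "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/3.6",
}


def env_for(ruleset, user_agent):
    """Return the set of variables a rule set would set for one User-Agent."""
    env = set()
    for pattern, variables in RULESETS[ruleset]:
        if re.search(pattern, user_agent):
            env |= variables
    return env


def compare(user_agent):
    """Map each rule set name to the sorted variables it sets."""
    return {name: sorted(env_for(name, user_agent)) for name in RULESETS}


if __name__ == "__main__":
    for label, agent in SAMPLE_AGENTS.items():
        print(label)
        for name, variables in compare(agent).items():
            print(f"  {name:10} {', '.join(variables) or '(none)'}")
```
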