Full_Name: Robert Thau
Version: 2.6.4
OS: Linux
Submission from: (NULL) (32.100.243.198)
I've run across a conflict between the mod_ssl FAQ
and the configuration which the distribution seems to actually
install. The FAQ recommends the following as a workaround for
problems with MSIE:
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
However, the configuration installed with mod_ssl 2.6 out of the box
does this instead:
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
The difference of course is that the former hits *all* MSIE browsers,
including recent ones which seem to get along fine without the
workaround. Also, closing the connection each time, as mandated in
the FAQ, has a considerable performance cost, to the point that one
site which I'm involved with stopped using SSL completely as a
temporary workaround. (They're not dealing with confidential data
*yet*, but they will).
It looks to me like the FAQ is just out of date here; if not, what's
up?
rst
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
