On Thu, Jun 29, 2000, [EMAIL PROTECTED] wrote:
> Full_Name: Robert Thau
> Version: 2.6.4
> OS: Linux
> Submission from: (NULL) (32.100.243.198)
>
> I've run across a conflict between the mod_ssl FAQ
> and the configuration which the distribution seems to actually
> install. The FAQ recommends the following as a workaround for
> problems with MSIE:
>
> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
>
> However, the configuration installed with mod_ssl 2.6 out of the box
> does this instead:
>
> BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
>
> The difference of course is that the former hits *all* MSIE browsers,
> including recent ones which seem to get along fine without the
> workaround. Also, closing the connection each time, as mandated in
> the FAQ, has a considerable performance cost, to the point that one
> site which I'm involved with stopped using SSL completely as a
> temporary workaround. (They're not dealing with confidential data
> *yet*, but they will).
>
> It looks to me like the FAQ is just out of date here; if not, what's
> up?
Robert, in the latest versions, the FAQ and the httpd.conf file are in sync: I
use ".*MSIE.*" both times, although you're right that this drops down
performance for _all_ MSIE versions. But I decided to better drop down
performance than having to fiddle around with hundrets of versions which work
and other hundrets of versions which still cause problems. If a user is
certain which MSIE versions work, he just can change the BrowserMatch
directive. But for the version I ship, I want to stick with the most
conservative setting.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
