> > Typically these sites don't run SSL on the server. It's terminated
> > at the switch hardware, many net gear vendors have SSL accelerators
> > that emulate a connection to the server. The end user doesn't know the
> > difference. And you bind the SSL cert to the net device.
>
> That doesn't change the fact that this hardware can get keepalives to work
> for MSIE, but we can't for mod_ssl. Has anyone had a chance to try the
> settings I posted earlier? As soon as I get a free minute I'm going to test
> it on a variety of browsers I've got here.
I've been using these settings:
SetEnvIf User-Agent "MSIE [1-4]" nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0
SetEnvIf User-Agent "MSIE [5-9]" ssl-unclean-shutdown
and it seems to do the trick (keeping the fingers crossed....)
The difference for my app is dramatic!
My typical scenario is a fat pipe with a long roundtrip. You wouldn't believe
how much of an impact keepalive makes!
Igor
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
