Hi --
My question is: what is the most stable version of Apache / mod_ssl/ OpenSSL and
configuration options, stable in this case meaning allowing the widest group of the
most common browsers to connect (AOL, IE, Netscape, Opera), on the most widely used
OS's to connect? (WIN, Macs, Linux, Solaris). Trading Netscape compatibility (SSL -v3)
for Mac/IE compatibility isn't really an option.
I'm pretty sure I've scoured the appropriate FAQ's and archives, though I could have
missed something.
I have been having many reports of connection errors with various browsers (we are in
the process of compiling a complete list). I am currently running a stock Red Hat
install (7.0, I'm pretty sure). Relevent info is:
'SERVER_SOFTWARE' => 'Apache/1.3.12 (Unix) (Red Hat/Linux) mod_ssl/2.6.6
OpenSSL/0.9.5a mod_perl/1.24',
httpd.conf:
SSLEngine on
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLOptions +StdEnvVars
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [1-4]" nokeepalive ssl-unclean-shutdown downgrade-1.0
force-response-1.0
BrowserMatch "MSIE [5-9]" ssl-unclean-shutdown
We are using a Thawte wildcard cert (*.commercestore.com), if that makes any
difference.
Our store caters to end users, so this really needs to be as cross-compatible as
possible.
Thanks,
Nick
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
