You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by al...@squigly.net on 2005/01/26 15:32:25 UTC

[users@httpd] downgrade-1.0 force-response-1.0 side affects

Hi All -- I originally posted this message to the mod_ssl mailing list, but have
received no reply.

When implementing the following into an apache virtual host (ssl) configuration:

    SetEnvIf User-Agent ".*MSIE.*" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0

What if any adverse affects can this have?  I'm a little hesitant implementing
it against all IE clients if it's not required -or- it will cause other issues.

http://www.modssl.org/docs/2.8/ssl_faq.html#ToC49

Much appreciated!
thanks
-sd


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] downgrade-1.0 force-response-1.0 side affects

Posted by Marko Asplund <ma...@kronodoc.com>.

Joshua Slive wrote:
> On Wed, 26 Jan 2005 09:32:25 -0500, alex@squigly.net <al...@squigly.net> wrote:
> 
>>Hi All -- I originally posted this message to the mod_ssl mailing list, but have
>>received no reply.
>>
>>When implementing the following into an apache virtual host (ssl) configuration:
>>
>>    SetEnvIf User-Agent ".*MSIE.*" \
>>             nokeepalive ssl-unclean-shutdown \
>>             downgrade-1.0 force-response-1.0
>>
>>What if any adverse affects can this have?  I'm a little hesitant implementing
>>it against all IE clients if it's not required -or- it will cause other issues.

we had to drop nokeepalive and downgrade-1.0 (if memory serves me) from 
there in a project to make TLS work with an application using NTLM 
authentication with clients.


br, aspa

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] downgrade-1.0 force-response-1.0 side affects

Posted by Joshua Slive <js...@gmail.com>.

On Wed, 26 Jan 2005 10:17:35 -0500, alex@squigly.net <al...@squigly.net> wrote:
> Hi Josh,
> 
> Thanks for the reply.
> 
> Does SSL benefit from http 1.1 ?

Yes.  SSL is simply a layer on top of HTTP, so it will benefit as much
from HTTP/1.1 features as a non-SSL server.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] downgrade-1.0 force-response-1.0 side affects

Posted by al...@squigly.net.

Hi Josh,

Thanks for the reply.

Does SSL benefit from http 1.1 ?


> I have no idea whether these are really required in MSIE 6.  One would
> hope that MS has dealt with the bugs, but then again, it is MS.
>
> To see what the env variables do, check
> http://httpd.apache.org/docs/env.html#special
>
> As far as negative side effects, there could be many.  Turning off
> keep-alive will force the client to setup and tear-down a TCP
> connection for each request, potentially slowing things down,
> especially if you have lots of objects on your pages.
>
> Turning off HTTP/1.1 features will lose you lots of things like
> enhanced cache mangement, chunked responses, etc.
>
> Joshua.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] downgrade-1.0 force-response-1.0 side affects

Posted by Joshua Slive <js...@gmail.com>.

On Wed, 26 Jan 2005 09:32:25 -0500, alex@squigly.net <al...@squigly.net> wrote:
> Hi All -- I originally posted this message to the mod_ssl mailing list, but have
> received no reply.
> 
> When implementing the following into an apache virtual host (ssl) configuration:
> 
>     SetEnvIf User-Agent ".*MSIE.*" \
>              nokeepalive ssl-unclean-shutdown \
>              downgrade-1.0 force-response-1.0
> 
> What if any adverse affects can this have?  I'm a little hesitant implementing
> it against all IE clients if it's not required -or- it will cause other issues.

I have no idea whether these are really required in MSIE 6.  One would
hope that MS has dealt with the bugs, but then again, it is MS.

To see what the env variables do, check
http://httpd.apache.org/docs/env.html#special

As far as negative side effects, there could be many.  Turning off
keep-alive will force the client to setup and tear-down a TCP
connection for each request, potentially slowing things down,
especially if you have lots of objects on your pages.

Turning off HTTP/1.1 features will lose you lots of things like
enhanced cache mangement, chunked responses, etc.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org