You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Maxime Bellerose <mb...@acquisio.com> on 2010/06/23 22:45:13 UTC

[users@httpd] Confused about SSL and Internet Explorer vs nokeepalive

Hello guys,

I am confused about the proper way to handle SSL when dealing with the
dreaded Internet Explorer.

Documentation and configuration state to set this so Apache does not get
impacted by the way Internet Explorer handle ssl.

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

This seems like a pretty drastic measure since it affect IE 5.X, IE
6.0 which are not used much by my visitors but also affect IE 7.0, IE 8.0
and IE 9.0 which are far more common.
I would believe that the newer browsers ( IE 7.0, IE 8.0 and IE 9.0 ) would
have this by now.... Is not the case?

Where can I get a list of browser that have these little handling bug ( This
is described in http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#The SSL
Protocol  but they do not list the browsers... )?
Isn't there a more elegant way to handle this?

Thanks is advance!!!
-- 
Merci / Thanks

Maxime Bellerose
Administrateur système et DBA / System administrator and DBA

Re: [users@httpd] Confused about SSL and Internet Explorer vs nokeepalive

Posted by Baljeet Nijjhar <ba...@googlemail.com>.

Hi

I altered my ssl.conf to do the following:

SetEnvIf User-Agent "MSIE[1-5]" nokeepalive ssl-unclean-shutdown
force-response-1.0 downgrade-1.0

SetEnvIf User-Agent "MSIE[6-99]" ssl-unclean-shutdown

to distinguish between older and newer versions of the browser.

regards, Baljeet.

On Wed, Jun 23, 2010 at 9:45 PM, Maxime Bellerose
<mb...@acquisio.com>wrote:

> Hello guys,
>
> I am confused about the proper way to handle SSL when dealing with the
> dreaded Internet Explorer.
>
> Documentation and configuration state to set this so Apache does not get
> impacted by the way Internet Explorer handle ssl.
>
>  SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
>
> This seems like a pretty drastic measure since it affect IE 5.X, IE
> 6.0 which are not used much by my visitors but also affect IE 7.0, IE 8.0
> and IE 9.0 which are far more common.
> I would believe that the newer browsers ( IE 7.0, IE 8.0 and IE 9.0 ) would
> have this by now.... Is not the case?
>
> Where can I get a list of browser that have these little handling bug (
> This is described in http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#The
> SSL Protocol<http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#The+SSL+Protocol>  but
> they do not list the browsers... )?
> Isn't there a more elegant way to handle this?
>
> Thanks is advance!!!
> --
> Merci / Thanks
>
> Maxime Bellerose
> Administrateur système et DBA / System administrator and DBA
>