httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ivan Ristic <>
Subject Re: better SSL defaults in 2.4
Date Thu, 26 Nov 2009 14:26:10 GMT
Speaking of the SSL defaults, has anyone come up with something better than:

BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

Is anyone aware of any good reference that documents why the above
code was added, and perhaps also explains how to test and what exactly
the consequences of not using the snippet are?

I am willing to test recent IE versions to see how they behave, but
it'd be nice if I could have a decent starting point.

On Wed, Nov 18, 2009 at 2:54 PM, Jeff Trawick <> wrote:
> enable session cache by default?
> change SSLMutex default to "SSLMutex default" instead of "SSLMutex none"?
> (does this default to "none" to avoid checking if a session cache is
> enabled before creating the mutex?)

Ivan Ristic
ModSecurity Handbook []
SSL Labs []

View raw message