Ruediger Pluem wrote on 2009-11-07 00:29:41:
> > -BrowserMatch ".*MSIE.*" \
> > - nokeepalive ssl-unclean-shutdown \
> > - downgrade-1.0 force-response-1.0
> > +BrowserMatch "MSIE [1-5]" nokeepalive ssl-unclean-shutdown \
> > + downgrade-1.0 force-response-1.0
> > +BrowserMatch "MSIE [6-9]" ssl-unclean-shutdown
> >
> > # Per-Server Logging:
> > # The home of a custom SSL log file. Use this when you want a
>
> Do we really know that IE >= 6 do not need these additional options
> any longer?
The bug about SSL renegotiation got fixed in one of the IE 6 earlier
versions, so some of the very very old versions of IE 6 won't work, but
the market share of these versions if effectively 0%.
If you google for it you'll find some people recommending the use of
the above configuration, and I've been using it on various sites since
a few years without any problems.
The main issue with our previous config is that we are disabling
keep-alive for IE 7 and 8 which is a bad idea for a busy HTTPS server.
cheers...
--
Lars Eilebrecht
lars@eilebrecht.net
|