httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <rpl...@apache.org>
Subject Re: [UPDATED] Re: [PATCH] new default SSLCipherSuite and SSL BrowserMatch configuration
Date Fri, 06 Nov 2009 23:29:41 GMT


On 11/07/2009 12:19 AM, Lars Eilebrecht wrote:
> Hi,
> 
> attached is a slightly different patch, it includes "!EXP" and I've
> moved the directive out of the vhost into the main server config
> (there's not reason to duplicate the config for each vhost).
> 
> In addition I've added "RC4-SHA:AES128-SHA" to the beginning of the
> list which doesn't make a difference unless SSLCipherHonorOrder is
> enabled which I've included as an example in the config (disabled by
> default).
> 
> cheers...
>
> @@ -212,9 +218,9 @@
>  #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
>  #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
>  #   "force-response-1.0" for this.
> -BrowserMatch ".*MSIE.*" \
> -         nokeepalive ssl-unclean-shutdown \
> -         downgrade-1.0 force-response-1.0
> +BrowserMatch "MSIE [1-5]" nokeepalive ssl-unclean-shutdown \
> +                          downgrade-1.0 force-response-1.0
> +BrowserMatch "MSIE [6-9]" ssl-unclean-shutdown
>
>  #   Per-Server Logging:
>  #   The home of a custom SSL log file. Use this when you want a

Do we really know that IE >= 6 do not need these additional options any longer?

Regards

RĂ¼diger



Mime
View raw message