httpd-dev mailing list archives

From "Plüm, Rüdiger, VF-Group" <ruediger.pl...@vodafone.com>
Subject RE: better SSL defaults in 2.4
Date Thu, 26 Nov 2009 15:28:42 GMT
Have a look at

http://mail-archives.apache.org/mod_mbox/httpd-dev/200511.mbox/%3c20051122135629.03A2882D02@cmcodec02.st1.spray.net%3e


> -----Original Message-----
> From: Ivan Ristic 
> Sent: Thursday, 26 November 2009 15:26
> To: dev@httpd.apache.org
> Subject: Re: better SSL defaults in 2.4
> 
> Speaking of the SSL defaults, has anyone come up with 
> something better than:
> 
> BrowserMatch ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
> 
> Is anyone aware of any good reference that documents why the above
> code was added, and perhaps also explains how to test and what exactly
> the consequences of not using the snippet are?
> 
> I am willing to test recent IE versions to see how they behave, but
> it'd be nice if I could have a decent starting point.
> 
> 
> On Wed, Nov 18, 2009 at 2:54 PM, Jeff Trawick 
> <trawick@gmail.com> wrote:
> > enable session cache by default?
> >
> > change SSLMutex default to "SSLMutex default" instead of "SSLMutex none"?
> > (does this default to "none" to avoid checking if a session cache is
> > enabled before creating the mutex?)
> 
> -- 
> Ivan Ristic
> ModSecurity Handbook [https://www.feistyduck.com]
> SSL Labs [https://www.ssllabs.com/ssldb/]
> 
