Re: Confused about SSL and Internet Explorer vs nokeepalive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi

I altered my ssl.conf to do the following:

SetEnvIf User-Agent "MSIE[1-5]" nokeepalive ssl-unclean-shutdown force-response-1.0 downgrade-1.0

SetEnvIf User-Agent "MSIE[6-99]" ssl-unclean-shutdown

to distinguish between older and newer versions of the browser.

regards, Baljeet.

On Wed, Jun 23, 2010 at 9:45 PM, Maxime Bellerose <mbellerose@xxxxxxxxxxxx> wrote:
Hello guys,

I am confused about the proper way to handle SSL when dealing with the dreaded Internet Explorer.

Documentation and configuration state to set this so Apache does not get impacted by the way Internet Explorer handle ssl.

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

This seems like a pretty drastic measure since it affect IE 5.X, IE 6.0 which are not used much by my visitors but also affect IE 7.0, IE 8.0 and IE 9.0 which are far more common.
I would believe that the newer browsers ( IE 7.0, IE 8.0 and IE 9.0 ) would have this by now.... Is not the case?

Where can I get a list of browser that have these little handling bug ( This is described in http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#The SSL Protocol  but they do not list the browsers... )?
Isn't there a more elegant way to handle this?

Thanks is advance!!!
--
Merci / Thanks

Maxime Bellerose
Administrateur système et DBA / System administrator and DBA

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux