Discussion:
downgrade-1.0 force-response-1.0 side affects
a***@squigly.net
2005-01-26 14:32:25 UTC
Permalink
Hi All -- I originally posted this message to the mod_ssl mailing list, but have
received no reply.

When implementing the following into an apache virtual host (ssl) configuration:

SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

What if any adverse affects can this have? I'm a little hesitant implementing
it against all IE clients if it's not required -or- it will cause other issues.

http://www.modssl.org/docs/2.8/ssl_faq.html#ToC49

Much appreciated!
thanks
-sd


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org
Joshua Slive
2005-01-26 15:05:16 UTC
Permalink
Post by a***@squigly.net
Hi All -- I originally posted this message to the mod_ssl mailing list, but have
received no reply.
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
What if any adverse affects can this have? I'm a little hesitant implementing
it against all IE clients if it's not required -or- it will cause other issues.
I have no idea whether these are really required in MSIE 6. One would
hope that MS has dealt with the bugs, but then again, it is MS.

To see what the env variables do, check
http://httpd.apache.org/docs/env.html#special

As far as negative side effects, there could be many. Turning off
keep-alive will force the client to setup and tear-down a TCP
connection for each request, potentially slowing things down,
especially if you have lots of objects on your pages.

Turning off HTTP/1.1 features will lose you lots of things like
enhanced cache mangement, chunked responses, etc.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org
a***@squigly.net
2005-01-26 15:17:35 UTC
Permalink
Hi Josh,

Thanks for the reply.

Does SSL benefit from http 1.1 ?
Post by Joshua Slive
I have no idea whether these are really required in MSIE 6. One would
hope that MS has dealt with the bugs, but then again, it is MS.
To see what the env variables do, check
http://httpd.apache.org/docs/env.html#special
As far as negative side effects, there could be many. Turning off
keep-alive will force the client to setup and tear-down a TCP
connection for each request, potentially slowing things down,
especially if you have lots of objects on your pages.
Turning off HTTP/1.1 features will lose you lots of things like
enhanced cache mangement, chunked responses, etc.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org
Joshua Slive
2005-01-26 15:19:38 UTC
Permalink
Post by a***@squigly.net
Hi Josh,
Thanks for the reply.
Does SSL benefit from http 1.1 ?
Yes. SSL is simply a layer on top of HTTP, so it will benefit as much
from HTTP/1.1 features as a non-SSL server.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org

Marko Asplund
2005-01-26 15:31:43 UTC
Permalink
Post by a***@squigly.net
Hi All -- I originally posted this message to the mod_ssl mailing list, but have
received no reply.
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
What if any adverse affects can this have? I'm a little hesitant implementing
it against all IE clients if it's not required -or- it will cause other issues.
we had to drop nokeepalive and downgrade-1.0 (if memory serves me) from
there in a project to make TLS work with an application using NTLM
authentication with clients.


br, aspa

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-***@httpd.apache.org
" from the digest: users-digest-***@httpd.apache.org
For additional commands, e-mail: users-***@httpd.apache.org
Loading...