On 11/07/2009 02:21 AM, Lars Eilebrecht wrote: > Ruediger Pluem wrote on 2009-11-07 00:29:41: > >>> -BrowserMatch ".*MSIE.*" \ >>> - nokeepalive ssl-unclean-shutdown \ >>> - downgrade-1.0 force-response-1.0 >>> +BrowserMatch "MSIE [1-5]" nokeepalive ssl-unclean-shutdown \ >>> + downgrade-1.0 force-response-1.0 >>> +BrowserMatch "MSIE [6-9]" ssl-unclean-shutdown >>> >>> # Per-Server Logging: >>> # The home of a custom SSL log file. Use this when you want a >> Do we really know that IE >= 6 do not need these additional options >> any longer? > > The bug about SSL renegotiation got fixed in one of the IE 6 earlier > versions, so some of the very very old versions of IE 6 won't work, but > the market share of these versions if effectively 0%. > > If you google for it you'll find some people recommending the use of > the above configuration, and I've been using it on various sites since > a few years without any problems. > > The main issue with our previous config is that we are disabling > keep-alive for IE 7 and 8 which is a bad idea for a busy HTTPS server.
Yeah, I know and this is a real PITA that has bothered me for years, but I just wanted to be sure that this is fixed in recent IE 6 and up. So many thanks for your investigations. Regards RĂ¼diger