Package: apache2
Version: 2.4.12-2ubuntu2
Severity: normal

The default-ssl.conf configuration for apache2 contains these lines:

> BrowserMatch "MSIE [2-6]" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
> BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

They don't serve any purpose and should be removed.

For IE 2-6:

Upstream uses

> BrowserMatch "MSIE [2-5]" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0

in httpd-ssl.conf.in, which excludes IE6. IE5 and below are rare enough
that it seems not worth including them in the default configuration for a
new secure web server today. (I would argue the same is true for IE6.)

For IE 7 and up:

I used an IE7 VM from https://modern.ie/ to connect to a vhost which
didn't enable ssl-unclean-shutdown. IE7 had no problem with standard
connection closes, and nothing appeared in a debug-level SSL log. This
directive does not appear to be necessary for any more modern versions
of IE.

-- Package-specific info:

-- System Information:
Debian Release: jessie/sid
  APT prefers wily-updates
  APT policy: (500, 'wily-updates'), (500, 'wily-security'), (500, 'wily')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.2.0-23-generic (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apache2 depends on:
ii  apache2-bin    2.4.12-2ubuntu2
ii  apache2-data   2.4.12-2ubuntu2
ii  apache2-utils  2.4.12-2ubuntu2
ii  dpkg           1.18.2ubuntu5.1
ii  lsb-base       4.1+Debian11ubuntu8
ii  mime-support   3.58ubuntu1
ii  perl           5.20.2-6ubuntu0.1
ii  procps         1:3.3.9-1ubuntu8

Versions of packages apache2 recommends:
ii  ssl-cert  1.0.37

Versions of packages apache2 suggests:
pn  apache2-doc                                      <none>
pn  apache2-suexec-pristine | apache2-suexec-custom  <none>
ii  ufw                                              0.34-2
pn  www-browser                                      <none>

Versions of packages apache2-bin depends on:
ii  libapr1                  1.5.2-3
ii  libaprutil1              1.5.4-1
ii  libaprutil1-dbd-sqlite3  1.5.4-1
ii  libaprutil1-ldap         1.5.4-1
ii  libc6                    2.21-0ubuntu4.1
ii  libldap-2.4-2            2.4.41+dfsg-1ubuntu2
ii  liblua5.1-0              5.1.5-8
ii  libpcre3                 2:8.35-7.1ubuntu1
ii  libssl1.0.0              1.0.2d-0ubuntu1.3
ii  libxml2                  2.9.2+zdfsg1-4ubuntu0.3
ii  perl                     5.20.2-6ubuntu0.1
ii  zlib1g                   1:1.2.8.dfsg-2ubuntu4

Versions of packages apache2-bin suggests:
pn  apache2-doc                                      <none>
pn  apache2-suexec-pristine | apache2-suexec-custom  <none>
pn  www-browser                                      <none>

Versions of packages apache2 is related to:
ii  apache2      2.4.12-2ubuntu2
ii  apache2-bin  2.4.12-2ubuntu2

-- Configuration Files:
/etc/apache2/apache2.conf changed [not included]
/etc/apache2/conf-available/charset.conf changed [not included]
/etc/apache2/conf-available/security.conf changed [not included]

-- no debconf information
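
Added example, not part of the original report and not Apache or Debian code: a small Python audit that evaluates the BrowserMatch directives quoted in the report against User-Agent strings and lists which environment variables each client would receive. The User-Agent strings are constructed samples, the function names are hypothetical, and Python's re module stands in for Apache's regex engine, which behaves the same for these simple patterns.

```python
import re
import shlex
# Directives exactly as quoted in the report above.
DEBIAN_DEFAULT_SSL = r'''
BrowserMatch "MSIE [2-6]" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
'''
UPSTREAM_HTTPD_SSL = r'''
BrowserMatch "MSIE [2-5]" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0
'''
# Constructed sample User-Agent strings (assumptions, not from the report).
SAMPLE_AGENTS = {
    "IE5.5": "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)",
    "IE6": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
    "IE7": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)",
    "IE10": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)",
    "Firefox": "Mozilla/5.0 (X11; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0",
}

def parse_browsermatch(conf):
    """Return [(compiled_regex, [variables])] for each BrowserMatch directive."""
    folded = re.sub(r"\\[ \t]*\n", " ", conf)  # join backslash-continued lines
    rules = []
    for line in folded.splitlines():
        tokens = shlex.split(line, comments=True)
        if len(tokens) >= 3 and tokens[0].lower() == "browsermatch":
            rules.append((re.compile(tokens[1]), tokens[2:]))
    return rules

def env_for(conf, user_agent):
    """Environment variables the config would set for this User-Agent."""
    env = set()
    for regex, variables in parse_browsermatch(conf):
        if regex.search(user_agent):  # unanchored, case-sensitive match
            for var in variables:
                if var.startswith("!"):  # "!name" unsets a variable
                    env.discard(var[1:])
                else:  # "name" or "name=value" sets it
                    env.add(var.split("=", 1)[0])
    return env

if __name__ == "__main__":
    for name, conf in (("debian", DEBIAN_DEFAULT_SSL), ("upstream", UPSTREAM_HTTPD_SSL)):
        for label, agent in SAMPLE_AGENTS.items():
            print(f"{name:9} {label:8} {sorted(env_for(conf, agent))}")
```

Because the character class [17-9] contains "1", the second Debian directive also matches "MSIE 10.0", so the audit reports ssl-unclean-shutdown for IE 10 as well as IE 7 through 9.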