nokeepalive and SSLVerifyClient

nokeepalive and SSLVerifyClient

am 16.05.2007 18:34:59 von rich.fought

This is a multi-part message in MIME format.

------_=_NextPart_001_01C797D8.25FF0BDA
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

Sorry, I sent the last message prematurely (damn hotkeys).
=20
We currently use the following options to get around the IE SSL bug:
=20
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

=20

We also wish to use X509 client authentication, and my concern is that
these directives will cause the client certification verification, and
indeed the entire SSL session negotiation, to be performed anew with
every single request. Is this performance hit a reality?

=20

Thanks,

Rich


------_=_NextPart_001_01C797D8.25FF0BDA
Content-Type: text/html;
charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns=3D"http://www.w3.org/TR/REC-html40">


charset=3Dus-ascii">








style=3D'font-size:10.0pt'>Sorry, I sent the last message prematurely =

(damn hotkeys).

size=3D2 face=3D"Courier New">
style=3D'font-size:10.0pt'> 

t

size=3D2 face=3DArial>
style=3D'font-size:10.0pt;font-family:Arial'>We currently use the =

following options to get around the IE SSL =

bug:

size=3D2 face=3D"Courier New">
style=3D'font-size:10.0pt'> 

t

size=3D2 face=3D"Courier New">SetEnvIf =

User-Agent ".*MSIE.*" =

\

size=3D2 face=3D"Courier New">
style=3D'font-size:10.0pt'>       &nbs=

p; nokeepalive ssl-unclean-shutdown =

\

size=3D2 face=3D"Courier New">
style=3D'font-size:10.0pt'>       &nbs=

p; downgrade-1.0 force-response-1.0


style=3D'font-size:10.0pt;
font-family:Arial'> 



style=3D'font-size:10.0pt;
font-family:Arial'>We also wish to use X509 client authentication, and =
my
concern is that these directives will cause the client certification
verification, and indeed the entire SSL session negotiation, to be =
performed anew
with every single request.  Is this performance hit a =
reality?



style=3D'font-size:10.0pt;
font-family:Arial'> 



style=3D'font-size:10.0pt;
font-family:Arial'>Thanks,



style=3D'font-size:10.0pt;
font-family:Arial'>Rich









------_=_NextPart_001_01C797D8.25FF0BDA--
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org