Fix too widely open regexp targeting SSL/TLS settings of Microsoft

Internet Explorer. See rant: http://newestindustry.org/2007/06/06/dear-apache-software-foundation-fix-the-msie-ssl-keepalive-settings/ This is also ack'ed by Apache and fixed in their httpd's trunk: https://issues.apache.org/bugzilla/show_bug.cgi?id=49484 http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in?view=markup
2012-11-22 13:44:27 +00:00 · 2012-11-22 13:44:27 +00:00 · cd91e65ab2
commit cd91e65ab2
parent b87e13140e
1 changed files with 4 additions and 3 deletions
--- a/apache/templates/site.https.conf.erb
+++ b/apache/templates/site.https.conf.erb
@ -138,9 +138,10 @@ SSLCertificateChainFile <%= @apache_ssldir %>/certs/<%= site_fqdn %>.chain.crt
 #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
 #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
 #   "force-response-1.0" for this.
-SetEnvIf User-Agent ".*MSIE.*" \
-         nokeepalive ssl-unclean-shutdown \
-         downgrade-1.0 force-response-1.0
+BrowserMatch "MSIE [2-5]" \
+        nokeepalive ssl-unclean-shutdown \
+        downgrade-1.0 force-response-1.0
+

 #   Per-Server Logging:
 #   The home of a custom SSL log file. Use this when you want a