nokeepalive and SSLVerifyClient
This is a discussion on nokeepalive and SSLVerifyClient within the Modssl Users forums, part of the Web Server and Related Forums category; This is a multi-part message in MIME format. ------_=_NextPart_001_01C797D8.25FF0BDA Content-Type: text/plain; charset="US-ASCII&...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
05-16-2007
|
|||
|
|||
nokeepalive and SSLVerifyClient
This is a multi-part message in MIME format.
------_=_NextPart_001_01C797D8.25FF0BDA Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable Sorry, I sent the last message prematurely (damn hotkeys). =20 We currently use the following options to get around the IE SSL bug: =20 SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 =20 We also wish to use X509 client authentication, and my concern is that these directives will cause the client certification verification, and indeed the entire SSL session negotiation, to be performed anew with every single request. Is this performance hit a reality? =20 Thanks, Rich ------_=_NextPart_001_01C797D8.25FF0BDA Content-Type: text/html; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable <html xmlns:o=3D"urn:schemas-microsoft-com:office:office" = xmlns:w=3D"urn:schemas-microsoft-com:office:word" = xmlns=3D"http://www.w3.org/TR/REC-html40"> <head> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3Dus-ascii"> <meta name=3DGenerator content=3D"Microsoft Word 11 (filtered medium)"> <style> <!-- /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:12.0pt; font-family:"Times New Roman";} a:link, span.MsoHyperlink {color:blue; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {color:purple; text-decoration:underline;} pre {margin:0in; margin-bottom:.0001pt; font-size:10.0pt; font-family:"Courier New";} span.EmailStyle17 {mso-style-type:personal-compose; font-family:Arial; color:windowtext;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.25in 1.0in 1.25in;} div.Section1 {page:Section1;} --> </style> </head> <body lang=3DEN-US link=3Dblue vlink=3Dpurple> <div class=3DSection1><pre><font size=3D2 face=3D"Courier New"><span style=3D'font-size:10.0pt'>Sorry, I sent the last message prematurely = (damn hotkeys).<o:p></o:p></span></font></pre><pre><font size=3D2 face=3D"Courier New"><span = style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre><fon= t size=3D2 face=3DArial><span = style=3D'font-size:10.0pt;font-family:Arial'>We currently use the = following options to get around the IE SSL = bug:</span></font><o:p></o:p></pre><pre><font size=3D2 face=3D"Courier New"><span = style=3D'font-size:10.0pt'><o:p> </o:p></span></font></pre><pre><fon= t size=3D2 face=3D"Courier New"><span style=3D'font-size:10.0pt'>SetEnvIf = User-Agent ".*MSIE.*" = \<o:p></o:p></span></font></pre><pre><font size=3D2 face=3D"Courier New"><span = style=3D'font-size:10.0pt'> & nbsp;&nbs= p; nokeepalive ssl-unclean-shutdown = \<o:p></o:p></span></font></pre><pre><font size=3D2 face=3D"Courier New"><span = style=3D'font-size:10.0pt'> & nbsp;&nbs= p; downgrade-1.0 force-response-1.0<o:p></o:p></span></font></pre> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>We also wish to use X509 client authentication, and = my concern is that these directives will cause the client certification verification, and indeed the entire SSL session negotiation, to be = performed anew with every single request. Is this performance hit a = reality?<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>Thanks,<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>Rich<o:p></o:p></span></font></p> </div> </body> </html> ------_=_NextPart_001_01C797D8.25FF0BDA-- __________________________________________________ ____________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majordomo@modssl.org 
|
Linear Mode
