[thelist] best OpenSSL workarounds for IE bugs?

Liam Delahunty liam at megaproducts.co.uk
Fri Jun 25 11:52:56 CDT 2004

on 25/06/2004 17:03 sbeam said the following:

> If you don't know what I'm talking about here is the canonical FAQ item:
> http://www.modssl.org/docs/2.8/ssl_faq.html#ToC49

Doubt if this is perfect, but here's what I have...
(in the httpd.conf, for me line 283

# global ssl setup
<IfModule mod_ssl.c>
SSLSessionCache         dbm:/var/log/httpd/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex                file:/var/log/httpd/ssl_mutex
SSLRandomSeed startup   file:/dev/urandom 512
SSLRandomSeed connect   builtin
# Location of a secondary signing authority certificate. Uncomment and edit
# the location if necessary if you install a secondary certificate.
#SSLCACertificateFile /etc/httpd/conf/ca-bundle
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

Hope that helps. I'm running a cobalt raq, which is essentially Red Hat 
6, if that makes any difference.

Kind regards, Liam Delahunty, Mega Products Ltd

More information about the thelist mailing list