Dear Apache Software Foundation: FIX THE MSIE SSL KEEPALIVE SETTINGS!

In: Software| Technology| Web Performance| WebPerformance.Org| Work

6 Jun 2007

Dear Apache Software Foundation, and the developers of the Apache Web server:

I would like to thank you for developing a great product. I rely on it daily to host my own sites, and a large number of people on the Internet seem to share my love of this software.

However, it appears that you seem to want to maintain a simple flaw in your logic that continues to make me crazy. I am a Web performance analyst, and at least once a week I sigh, and shake my head whenever I stoop to use Microsoft Internet Explorer (MSIE) to visit secure sites.

I seems that in your SSL configurations, you continue to assume that ALL versions of MSIE can’t handle persistent connections under SSL/TLS.

Is this true? Is a bug initially caught in MSIE 5.x (5.0??) still valid for MSIE 6.0/7.0?

The short answer is: I don’t know.

It seems that no one in the Apache server team has bothered to go back and see if the current versions of MSIE — we are trying to track down the last three people use MSIE 5.x and help them — still share this problem.

In the meantime, can you change your SSL exclusion RegEx to something more, relevant for 2007?

Current RegEx:

SetEnvIf User-Agent ".*MSIE.*" nokeepalive
	ssl-unclean-shutdown
	downgrade-1.0 force-response-1.0

Relvant, updated REGEX:

SetEnvIf User-Agent ".*MSIE [1-5].*"
	nokeepalive ssl-unclean-shutdown
	downgrade-1.0 force-response-1.0
SetEnvIf User-Agent ".*MSIE [6-9].*"
	ssl-unclean-shutdown

Please? PLEASE? It’s so easy…and would solve so many performance problems…

Please?

Thank you.

Tags: , , , , , ,

Spread the Love:
  • Facebook
  • Twitter
  • Ping.fm
  • Digg
  • StumbleUpon
  • LinkedIn
  • Reddit
  • Slashdot
  • Netvouz
  • Identi.ca
  • Technorati
  • del.icio.us
  • email

Related Posts

  • hey steve,
    you should file a bug about it.

    personally I can't verify it as I don't run windows. but in general the httpd project is more conservative than performance focused.
  • bwg
    This change fixed a problem we had after a patch update to apache resulted in IE clients not being able to access one of our enterprise Java apps over SSL through an ISA firewall.
    The error seen in the ISA logs was:
    Error Code: 500 Internal Server error. The context has expired and can no longer be used. (-2146893033)
    By changing ssl.conf to only specify ssl-unclean-shutdown for MSIE 6+, the IE clients were able to use the application without errors.
  • Anonymous
    YEAHHHHHHHHH this is plain stupid and old age! Someone needs to look at this now!
  • Andreas Lange
    Sadly, it seems even IE7 can't do things properly - we'll have to keep going with nokeepalive even longer.

    Here is a text tracking down AJAX issues in IE7 to keepalive: http://qfox.nl/notes?1
  • Scooter Hanson
    I'm glad to see you exclude nokeepalive. With a setup including an OCSP responder, that nokeepalive flag kills us with multiple pki cert validation requests per page load.
  • PatrickN
    I totally agree with you that the developers of the Apache Web server creates a great product despite of the fact that sometimes it makes some small mistakes like you mentioned. I hope that it would never happen again in the future. Well I have to find out if they have fixed this problem. Btw thanks for the interesting post!

    Sincerely,

    Craig Barteson from software application development
blog comments powered by Disqus

About this blog

Stephen Pierzchala is one of a 10-year veteran of the Web performance field who also writes on topics that interest his non-linear world-view.

Contact

stephen@pierzchala.com

+1 (508) 410-3865

Copyright © 2007 - Newest Industry - is proudly powered by WordPress | Log in

Compositio Theme is created by: Design Disease brought to you by PremiumThemes.com