Comments on: Dear Apache Software Foundation: FIX THE MSIE SSL KEEPALIVE SETTINGS!

By: Kenneth

Kenneth — Tue, 15 Nov 2011 01:58:56 +0000

Try this on Rejex validator (http://rejex.heroku.com) and it should pass for particular version of IE, especially verion 6:

#Beware of backward slash plus double dots
BrowserMatch “.*MSIE [2-5]\..*” \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

#IE6 or above should work fine in responding HTTP/1.1 directly
BrowserMatch “.*MSIE [6-9]\..*” ssl-unclean-shutdown

By: IEからApacheへSSL通信をすると重くなる処理を改善する｜ Classmethod.dev('beta')

IEからApacheへSSL通信をすると重くなる処理を改善する｜ Classmethod.dev('beta') — Wed, 02 Nov 2011 09:20:53 +0000

[...] Dear Apache Software Foundation: FIX THE MSIE SSL KEEPALIVE SETTINGS! [...]

By: Relying on Web Performance Monitoring to Discover Release Problems | Catchpoint Blog on Web Performance Monitoring

Mon, 28 Mar 2011 22:37:50 +0000

[...] It seems like one of the applications rolled-out on their latest release either contained a bug, miss-configuration, or unintended feature – which disable HTTP 1.1 for User Agents containing “MSIE” string. The issue was due to an old Apache configuration which forced HTTP 1.0 and No Keep Alive for browser… [...]

By: HTTPS and Keep-Alive Connections - MSDN Blogs

HTTPS and Keep-Alive Connections - MSDN Blogs — Sat, 26 Mar 2011 21:01:00 +0000

[...] years ago, there was a public call to update the guidance to reflect the fact that users of more modern browsers were paying an [...]

By: Ken

Ken — Tue, 14 Dec 2010 23:46:00 +0000

It looks like the regex for your fix will break for IE10.0

221 BrowserMatch “.*MSIE [1-5].*”
222 nokeepalive ssl-unclean-shutdown
223 downgrade-1.0 force-response-1.0

By: Joel

Joel — Mon, 22 Nov 2010 17:22:00 +0000

I’m a bit surprised that the Apache software foundation would make these changes on an article that the author admits he doesn’t know if the problem exists.

By: Stephen Pierzchala

Stephen Pierzchala — Wed, 21 Jul 2010 08:25:22 +0000

For all us in Web performance, I thank you!smp

By: Your Name

Your Name — Wed, 21 Jul 2010 04:51:58 +0000

Fixed in http://svn.apache.org/viewvc?view=revision&revi...It should come out in the next 2.3.x release, and (should) be backported to 2.2.x soon.Delayed? Yeah. It took somebody to point out this blog post. I hadn't heard of the issue (logged in our tracker as #49484).

By: PatrickN

PatrickN — Fri, 23 Oct 2009 03:47:37 +0000

I totally agree with you that the developers of the Apache Web server creates a great product despite of the fact that sometimes it makes some small mistakes like you mentioned. I hope that it would never happen again in the future. Well I have to find out if they have fixed this problem. Btw thanks for the interesting post!Sincerely, Craig Barteson from software application development

By: Scooter Hanson

Scooter Hanson — Tue, 28 Apr 2009 19:08:21 +0000

I'm glad to see you exclude nokeepalive. With a setup including an OCSP responder, that nokeepalive flag kills us with multiple pki cert validation requests per page load.