-专注香港服务器租用18年
当前位置:首页 >> 帮助中心 >> 正文

[广深互联技术分享]apache mod_ssl的参数解释

文章作者:客服中心 文章来源:广深互联 发布时间:2014/11/22

SetEnvIf User-Agent ".*MSIE.*"

nokeepalive ssl-unclean-shutdown

downgrade-1.0 force-response-1.0

BrowserMatch "Mozilla/2" nokeepalive

BrowserMatch "RealPlayer 4.0" force-response-1.0

BrowserMatch "Java/1.0" force-response-1.0

BrowserMatch "JDK/1.0" force-response-1.0

SetEnvIf语法=BrowserMatch

不同浏览器有不同的问题存在,根据浏览器问题更改标准的HTTP应答行为

user-agent

用户代理是指浏览器,它的信息包括硬件平台、系统软件、应用软件和用户个人偏好.用户代理,它还包括搜索引擎。

".*MSIE.*"

Microsoft Internet Explorer,简称MSIE

nokeepalive ssl-unclean-shutdown

理解为当客户端满足条件ssl-unclean-shutdown的时候,用nokeepalive来处理,这个是为了保证SSl协议功能的可靠的实现

MSIE中有些版本的浏览器存在,当连接被关闭导致ssl不够干净的关闭,而浏览器不会发送这样的报告,用了ssl-unclean-shutdown这个参数的的话,当违反了SSL/TLS协议的话可以获得报错的通知。

当ssl不够洁净的关闭时使用nokeepalive,让浏览器keep-alive的功能关闭。

参考资料有:

ssl-unclean-shutdown:

This forces an unclean shutdown when the connection is closed, i.e. no

SSL close notify alert is send or allowed to received. This violates

the SSL/TLS standard but is needed for some brain-dead browsers. Use

this when you receive I/O errors because of the standard approach where

mod_ssl sends the close notify alert.

downgrade-1.0 force-response-1.0

理解为当客户端满足条件force-response-1.0的时候downgrade-1.0

当客户端用的是HTTP/1.0运作的时候,不能够用HTTP/1.1运作的时候,downgrade-1.0 是降低HTTP版本的操作。这个是为了保证SSl协议功能的可靠的实现。

参考资料有:

# Notice: Most problems of broken clients are also related to the HTTP

# keep-alive facility, so you usually additionally want to disable

# keep-alive for those clients, too. Use variable "nokeepalive" for this.

# Similarly, one has to force some clients to use HTTP/1.0 to workaround

# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and

# "force-response-1.0" for this.

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

这个可以理解为ssl支持的加密协议。具体可以浏览:http://blogold.chinaunix.net/u/12066/showart_491943.html

<FilesMatch ".(cgi|shtml|phtml|php)$">

SSLOptions +StdEnvVars

</FilesMatch>

<Directory "/usr/local/apache2/cgi-bin">

SSLOptions +StdEnvVars

</Directory>

StdEnvVars 表示建立一个标准的ssl环境。

出自:广深互联(www.99idc.cn)为您提供专业的服务器租用,服务器托管技术支持



上一篇: [广深互联技术分享]centos setuptool安装
下一篇: 五一劳动节放假通知
--------------------------------------------------------------------------------------------------------------------------------------
最新公告: