-专注香港服务器租用18年
当前位置:首页 >> 帮助中心 >> 正文

[广深互联技术分享]apache mod_ssl的参数解释

文章作者:客服中心 文章来源:广深互联 发布时间:2014/11/22

This forces an unclean shutdown when the connection is closed, i.e. no

SSL close notify alert is send or allowed to received. This violates

the SSL/TLS standard but is needed for some brain-dead browsers. Use

this when you receive I/O errors because of the standard approach where

mod_ssl sends the close notify alert.

downgrade-1.0 force-response-1.0

理解为当客户端满足条件force-response-1.0的时候downgrade-1.0

当客户端用的是HTTP/1.0运作的时候,不能够用HTTP/1.1运作的时候,downgrade-1.0 是降低HTTP版本的操作。这个是为了保证SSl协议功能的可靠的实现。

参考资料有:

# Notice: Most problems of broken clients are also related to the HTTP

# keep-alive facility, so you usually additionally want to disable

# keep-alive for those clients, too. Use variable "nokeepalive" for this.

# Similarly, one has to force some clients to use HTTP/1.0 to workaround

# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and

# "force-response-1.0" for this.

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

这个可以理解为ssl支持的加密协议。具体可以浏览:http://blogold.chinaunix.net/u/12066/showart_491943.html

<FilesMatch ".(cgi|shtml|phtml|php)$">

SSLOptions +StdEnvVars

</FilesMatch>

<Directory "/usr/local/apache2/cgi-bin">

SSLOptions +StdEnvVars

</Directory>

StdEnvVars 表示建立一个标准的ssl环境。

出自:

出自:广深互联(www.99idc.cn)为您提供专业的服务器租用,服务器托管技术支持



上一篇: [广深互联技术分享]centos setuptool安装
下一篇: 五一劳动节放假通知
--------------------------------------------------------------------------------------------------------------------------------------
最新公告: