Bug#815852: apache2: Obsolete IE configuration cruft should be removed from default-ssl.conf
Package: apache2
Version: 2.4.12-2ubuntu2
Severity: normal
The default-ssl.conf configuration for apache2 contains these lines:
> BrowserMatch "MSIE [2-6]" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
> BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
They don't serve any purpose and should be removed.
For IE 2-6:
Upstream uses
> BrowserMatch "MSIE [2-5]" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
in httpd-ssl.conf.in, which excludes IE6.
IE5 and below are rare enough that it seems not worth including them
in the default configuration for a new secure web server today.
(I would argue the same is true for IE6.)
For IE 7 and up:
I used an IE7 VM from https://modern.ie/ to connect to a vhost
which didn't enable ssl-unclean-shutdown.
IE7 had no problem with standard connection closes, and nothing
appeared in a debug-level SSL log.
This directive does not appear to be necessary for any more modern
versions of IE.
-- Package-specific info:
-- System Information:
Debian Release: jessie/sid
APT prefers wily-updates
APT policy: (500, 'wily-updates'), (500, 'wily-security'), (500, 'wily')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.2.0-23-generic (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages apache2 depends on:
ii apache2-bin 2.4.12-2ubuntu2
ii apache2-data 2.4.12-2ubuntu2
ii apache2-utils 2.4.12-2ubuntu2
ii dpkg 1.18.2ubuntu5.1
ii lsb-base 4.1+Debian11ubuntu8
ii mime-support 3.58ubuntu1
ii perl 5.20.2-6ubuntu0.1
ii procps 1:3.3.9-1ubuntu8
Versions of packages apache2 recommends:
ii ssl-cert 1.0.37
Versions of packages apache2 suggests:
pn apache2-doc <none>
pn apache2-suexec-pristine | apache2-suexec-custom <none>
ii ufw 0.34-2
pn www-browser <none>
Versions of packages apache2-bin depends on:
ii libapr1 1.5.2-3
ii libaprutil1 1.5.4-1
ii libaprutil1-dbd-sqlite3 1.5.4-1
ii libaprutil1-ldap 1.5.4-1
ii libc6 2.21-0ubuntu4.1
ii libldap-2.4-2 2.4.41+dfsg-1ubuntu2
ii liblua5.1-0 5.1.5-8
ii libpcre3 2:8.35-7.1ubuntu1
ii libssl1.0.0 1.0.2d-0ubuntu1.3
ii libxml2 2.9.2+zdfsg1-4ubuntu0.3
ii perl 5.20.2-6ubuntu0.1
ii zlib1g 1:1.2.8.dfsg-2ubuntu4
Versions of packages apache2-bin suggests:
pn apache2-doc <none>
pn apache2-suexec-pristine | apache2-suexec-custom <none>
pn www-browser <none>
Versions of packages apache2 is related to:
ii apache2 2.4.12-2ubuntu2
ii apache2-bin 2.4.12-2ubuntu2
-- Configuration Files:
/etc/apache2/apache2.conf changed [not included]
/etc/apache2/conf-available/charset.conf changed [not included]
/etc/apache2/conf-available/security.conf changed [not included]
-- no debconf information
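Added example (not part of the original report or of the apache2 package): a small Python audit that parses the BrowserMatch directives quoted in the report and shows which mod_setenvif variables a given User-Agent would receive. The sample configuration text, the User-Agent strings and the function names are constructed for illustration; note that `[17-9]` is a character class (1, 7, 8, 9), so it also matches "MSIE 10" through the leading 1.

```python
import re
import shlex

# Constructed sample: the two directives quoted in the report.
SAMPLE_CONF = r'''
BrowserMatch "MSIE [2-6]" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
'''

# Constructed User-Agent strings in the formats these browsers send.
SAMPLE_AGENTS = {
    "IE6": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
    "IE7": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)",
    "IE10": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)",
    "IE11": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko",
    "Firefox": "Mozilla/5.0 (X11; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0",
}

def parse_browsermatch(conf_text):
    """Return [(compiled_regex, [env specs])] for each BrowserMatch directive."""
    joined = re.sub(r"\\\r?\n", " ", conf_text)  # fold backslash continuations
    rules = []
    for line in map(str.strip, joined.splitlines()):
        if line and not line.startswith("#"):
            tokens = shlex.split(line)
            if tokens[0].lower() == "browsermatch" and len(tokens) >= 3:
                rules.append((re.compile(tokens[1]), tokens[2:]))
    return rules

def env_for(user_agent, rules):
    """Variables mod_setenvif would set for this User-Agent header."""
    env = {}
    for regex, specs in rules:
        if regex.search(user_agent):  # unanchored and case-sensitive
            for spec in specs:
                # Only the "var" (meaning var=1) and "var=value" forms are handled.
                name, _, value = spec.partition("=")
                env[name] = value or "1"
    return env

def audit(conf_text, agents=SAMPLE_AGENTS):
    rules = parse_browsermatch(conf_text)
    return {label: sorted(env_for(ua, rules)) for label, ua in agents.items()}

if __name__ == "__main__":
    for label, flags in audit(SAMPLE_CONF).items():
        print(f"{label:8} {', '.join(flags) or '(none)'}")
```

Pointing `audit()` at the text of a real vhost file lists which client strings still receive the legacy workarounds before and after the directives are removed.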