Limit badness only to IE2-5. See

http://blogs.msdn.com/b/ieinternals/archive/2011/03/26/https-and-connection-close-is-your-apache-modssl-server-configuration-set-to-slow.aspx
for more information. Found by zawadaa.

diff --git a/apache-mod_ssl.conf b/apache-mod_ssl.conf
index da433b1af225f28869bb8a30d28d212c6e6cbbee..2acff5b49c90eaf1d613ae6debc1eab1279cf1e1 100644 (file)
--- a/apache-mod_ssl.conf
+++ b/apache-mod_ssl.conf
@@ -223,7 +223,7 @@ SSLCertificateKeyFile /etc/httpd/ssl/server.key
 #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
 #   "force-response-1.0" for this.
 <IfModule mod_setenvif.c>
-       BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
+       BrowserMatch ".*MSIE [2-5]\..*" \ nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
 </IfModule>
 
 #   Per-Server Logging: