From: Stefan Fritsch Date: Mon, 8 Nov 2010 20:43:29 +0000 (+0000) Subject: Note that CRL-querying browsers can have problems with low header timeouts. X-Git-Tag: 2.2.18~304 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7828336ba80bac20f58f6b9ea1d81f8a40d11ba8;p=thirdparty%2Fapache%2Fhttpd.git Note that CRL-querying browsers can have problems with low header timeouts. Add another expamle config git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1032697 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/mod_reqtimeout.xml b/docs/manual/mod/mod_reqtimeout.xml index ca71cc1547f..52567df8ee5 100644 --- a/docs/manual/mod/mod_reqtimeout.xml +++ b/docs/manual/mod/mod_reqtimeout.xml @@ -65,6 +65,16 @@ +
  • + Usually, a server should have both header and body timeouts configured. + If a common configuration is used for http and https virtual hosts, the + timeouts should not be set too low: + + + RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500 + +
    • + @@ -87,8 +97,13 @@ is sent.

    For SSL virtual hosts, the header timeout values include the time needed - to do the initial SSL handshake. The body timeout values include the time - needed for SSL renegotiation (if necessary).

    + to do the initial SSL handshake. If the user's browser is configured to + query certificate revocation lists and the CRL server is not reachable, the + initial SSL handshake may take a significant time until the browser gives up + waiting for the CRL. Therefore the header timeout values should not be set + to very low values for SSL virtual hosts. + The body timeout values include the time needed for SSL renegotiation + (if necessary).

    When an AcceptFilter is in use (usually the case on Linux and FreeBSD), the socket is not sent to the