Re: Browser security type

This WebDNA talk-list message is from

2000


It keeps the original formatting.
numero = 31867
interpreted = N
texte = OK, that's a new one on me. I don't think there is a way in WebSite to force the server to only use 128 bit encryption. In fact, I wouldn't be suprised to find out it violates SSL protocol definitions. I just checked and see that IIS allows you to require 128-bit connections, which just proves my point about it violating standards! ;~)But, there is no telling some clients the difference between a session key vs. long term use key (i.e. 56-bit is fine for SSL). I think your only hope is to talk to WebStar; this is likely to be only available in the programming API (very low level stuff). Perhaps there is a custom error message redirect that you could use to point the 56-bit browsers towards.John PeacockRobert Wade wrote: > > Thanks for your reply John. I should have given more details. I'm using WebStar > 4.2/WebCat 3.08 on Mac OS 9.04. > What you're saying is true if you set your encryption options in WebStar for your 128 bit > certificate to communicate at all levels of encryption. We use 56 bit certificates for > most secure areas on the server, but for this application our client requires us to use > 128 bit, so we set our encryption options to communicate at only 128 bit for this > certificate. Anyone using a standard browser will get an error about the encryption > algorithms. My goal here was to give the users a little knowledge about this and their > browser type before they receive the error and start emailing the client saying that the > site doesn't work (as you know, the general web surfing public usually doesn't understand > how SSL works and most won't figure out this error on their own). I saw a site once use > a cgi application for browser security compatibility, but I can't find anything anywhere. > > Again, thank you for your reply! > > -RW > > John Peacock wrote: > > > I don't understand what you are asking for; when a browser negotiates > > with a server, they find the highest level of security they can agree > > upon. In other words, if you are using an US export version of > > Netscape, and the server has a 128 bit server cert (not a Super Cert), > > the server will communicate with the browser using only 56 bits. The > > export restrictions are going away now anyway; O'Reilly already has a > > 128 bit international version of WebSite available for download. And > > if you are really concerned, you can get a Super Cert, which will > > upgrade the client on the fly to support 128 bits. > > > > John Peacock > > > > Robert Wade wrote: > > > > > > Been to the archives and no luck... > > > > > > Does anyone know of a way (preferrably WebCatalog, but open to other > > > options) for a visitor to a site to test their browser to see if it is > > > 128 bit? > > > > > > I've got several areas of a site that are 128 bit, and I want users to > > > be able to click a test your browser link or button and get a response > > > back on their security type, before they attempt to enter these areas. > > > > > > Thank You, > > > > > > Robert Wade > > > CABIN6 Design > > > > > > |[ //\ ||} || ||\| V| > > > > > > robert@cabin6.com > > > > > > ------------------------------------------------------------- > > > This message is sent to you because you are subscribed to > > > the mailing list . > > > To unsubscribe, E-mail to: > > > To switch to the DIGEST mode, E-mail to > > > Web Archive of this list is at: http://search.smithmicro.com/ > > > > ------------------------------------------------------------- > > This message is sent to you because you are subscribed to > > the mailing list . > > To unsubscribe, E-mail to: > > To switch to the DIGEST mode, E-mail to > > Web Archive of this list is at: http://search.smithmicro.com/ > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to > Web Archive of this list is at: http://search.smithmicro.com/------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: Browser security type (Robert Wade 2000)
  2. Re: Browser security type (John Peacock 2000)
  3. Re: Browser security type (Robert Wade 2000)
  4. Re: Browser security type (John Peacock 2000)
  5. Browser security type (Robert Wade 2000)
OK, that's a new one on me. I don't think there is a way in WebSite to force the server to only use 128 bit encryption. In fact, I wouldn't be suprised to find out it violates SSL protocol definitions. I just checked and see that IIS allows you to require 128-bit connections, which just proves my point about it violating standards! ;~)But, there is no telling some clients the difference between a session key vs. long term use key (i.e. 56-bit is fine for SSL). I think your only hope is to talk to WebStar; this is likely to be only available in the programming API (very low level stuff). Perhaps there is a custom error message redirect that you could use to point the 56-bit browsers towards.John PeacockRobert Wade wrote: > > Thanks for your reply John. I should have given more details. I'm using WebStar > 4.2/WebCat 3.08 on Mac OS 9.04. > What you're saying is true if you set your encryption options in WebStar for your 128 bit > certificate to communicate at all levels of encryption. We use 56 bit certificates for > most secure areas on the server, but for this application our client requires us to use > 128 bit, so we set our encryption options to communicate at only 128 bit for this > certificate. Anyone using a standard browser will get an error about the encryption > algorithms. My goal here was to give the users a little knowledge about this and their > browser type before they receive the error and start emailing the client saying that the > site doesn't work (as you know, the general web surfing public usually doesn't understand > how SSL works and most won't figure out this error on their own). I saw a site once use > a cgi application for browser security compatibility, but I can't find anything anywhere. > > Again, thank you for your reply! > > -RW > > John Peacock wrote: > > > I don't understand what you are asking for; when a browser negotiates > > with a server, they find the highest level of security they can agree > > upon. In other words, if you are using an US export version of > > Netscape, and the server has a 128 bit server cert (not a Super Cert), > > the server will communicate with the browser using only 56 bits. The > > export restrictions are going away now anyway; O'Reilly already has a > > 128 bit international version of WebSite available for download. And > > if you are really concerned, you can get a Super Cert, which will > > upgrade the client on the fly to support 128 bits. > > > > John Peacock > > > > Robert Wade wrote: > > > > > > Been to the archives and no luck... > > > > > > Does anyone know of a way (preferrably WebCatalog, but open to other > > > options) for a visitor to a site to test their browser to see if it is > > > 128 bit? > > > > > > I've got several areas of a site that are 128 bit, and I want users to > > > be able to click a test your browser link or button and get a response > > > back on their security type, before they attempt to enter these areas. > > > > > > Thank You, > > > > > > Robert Wade > > > CABIN6 Design > > > > > > |[ //\ ||} || ||\| V| > > > > > > robert@cabin6.com > > > > > > ------------------------------------------------------------- > > > This message is sent to you because you are subscribed to > > > the mailing list . > > > To unsubscribe, E-mail to: > > > To switch to the DIGEST mode, E-mail to > > > Web Archive of this list is at: http://search.smithmicro.com/ > > > > ------------------------------------------------------------- > > This message is sent to you because you are subscribed to > > the mailing list . > > To unsubscribe, E-mail to: > > To switch to the DIGEST mode, E-mail to > > Web Archive of this list is at: http://search.smithmicro.com/ > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to > Web Archive of this list is at: http://search.smithmicro.com/------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ John Peacock

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Problem (1997) Where is f2? (1997) Never ending problem.... (2000) Search crashing server (1998) [WebDNA] Test (2008) Date Time Oddness (1999) FAX orders (1996) date pref (1999) page redirect in webDNA (1997) Date math (1997) WebCatalog for guestbook ? (1997) HELP WITH DATES (1997) WebMerchant 1.6 and https (1997) The 10 Mistakes Most Men Make With Women (2006) listfiles shows invisible files ... (1999) errormessages.db (1997) Odd error in logs (1998) Up and running ... at last !! (1997) Installing Web DNA 5.1 on a MAC (2004) Signal Raised (1997)