Re: Browser security type
This WebDNA talk-list message is from 2000
It keeps the original formatting.
numero = 31869
interpreted = N
texte = Thank you for your help, John. I hadn't really thought about that being an SSL standards violation. I guess you assume that if they built it into their server software, then it's a-ok. Wow.

-RW

John Peacock wrote:

> OK, that's a new one on me. I don't think there is a way in WebSite to
> force the server to only use 128 bit encryption. In fact, I wouldn't be
> surprised to find out it violates SSL protocol definitions. I just
> checked and see that IIS allows you to require 128-bit connections,
> which just proves my point about it violating standards! ;~)
>
> But, there is no telling some clients the difference between a session
> key vs. long term use key (i.e. 56-bit is fine for SSL). I think your
> only hope is to talk to WebStar; this is likely to be only available in
> the programming API (very low level stuff). Perhaps there is a custom
> error message redirect that you could use to point the 56-bit browsers
> towards.
>
> John Peacock
>
> Robert Wade wrote:
> >
> > Thanks for your reply John. I should have given more details. I'm using WebStar
> > 4.2/WebCat 3.08 on Mac OS 9.04.
> > What you're saying is true if you set your encryption options in WebStar for your 128 bit
> > certificate to communicate at all levels of encryption. We use 56 bit certificates for
> > most secure areas on the server, but for this application our client requires us to use
> > 128 bit, so we set our encryption options to communicate at only 128 bit for this
> > certificate. Anyone using a standard browser will get an error about the encryption
> > algorithms. My goal here was to give the users a little knowledge about this and their
> > browser type before they receive the error and start emailing the client saying that the
> > site doesn't work (as you know, the general web surfing public usually doesn't understand
> > how SSL works and most won't figure out this error on their own). I saw a site once use
> > a cgi application for browser security compatibility, but I can't find anything anywhere.
> >
> > Again, thank you for your reply!
> >
> > -RW
> >
> > John Peacock wrote:
> >
> > > I don't understand what you are asking for; when a browser negotiates
> > > with a server, they find the highest level of security they can agree
> > > upon. In other words, if you are using a US export version of
> > > Netscape, and the server has a 128 bit server cert (not a Super Cert),
> > > the server will communicate with the browser using only 56 bits. The
> > > export restrictions are going away now anyway; O'Reilly already has a
> > > 128 bit international version of WebSite available for download. And
> > > if you are really concerned, you can get a Super Cert, which will
> > > upgrade the client on the fly to support 128 bits.
> > >
> > > John Peacock
> > >
> > > Robert Wade wrote:
> > > >
> > > > Been to the archives and no luck...
> > > >
> > > > Does anyone know of a way (preferably WebCatalog, but open to other
> > > > options) for a visitor to a site to test their browser to see if it is
> > > > 128 bit?
> > > >
> > > > I've got several areas of a site that are 128 bit, and I want users to
> > > > be able to click a test your browser link or button and get a response
> > > > back on their security type, before they attempt to enter these areas.
> > > >
> > > > Thank You,
> > > >
> > > > Robert Wade
> > > > CABIN6 Design
> > > >
> > > > |[ //\ ||} || ||\| V|
> > > >
> > > > robert@cabin6.com
> > > >
> > > > -------------------------------------------------------------
> > > > This message is sent to you because you are subscribed to
> > > > the mailing list .
> > > > To unsubscribe, E-mail to:
> > > > To switch to the DIGEST mode, E-mail to
> > > > Web Archive of this list is at: http://search.smithmicro.com/
Robert Wade
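The "test your browser" page asked about in this thread, sketched as an added example (not code from the thread or from WebDNA/WebStar): a CGI-style script that reports the key size the server negotiated with the visitor. It assumes the page is served from an SSL area that accepts every strength, since negotiation settles on the strongest cipher both sides support, and that the server exposes the key size as `SSL_CIPHER_USEKEYSIZE` (Apache mod_ssl) or `HTTPS_KEYSIZE` (IIS); WebStar's equivalent is not given in the thread.

```python
#!/usr/bin/env python3
"""CGI-style browser strength check (added example, not from the thread)."""
import os

# Variables that expose the negotiated symmetric key size, in bits.
# SSL_CIPHER_USEKEYSIZE is set by Apache mod_ssl, HTTPS_KEYSIZE by IIS.
# WebStar's variable name is not given in the thread, so none is assumed.
KEYSIZE_VARS = ("SSL_CIPHER_USEKEYSIZE", "HTTPS_KEYSIZE")
REQUIRED_BITS = 128  # strength demanded by the restricted area


def negotiated_bits(env):
    """Return the session key size in bits, or None if it is unavailable."""
    for name in KEYSIZE_VARS:
        value = env.get(name, "").strip()
        if value.isascii() and value.isdigit():
            return int(value)
    return None


def verdict(env, required=REQUIRED_BITS):
    """Classify the connection as 'ok', 'weak' or 'unknown', with a message."""
    bits = negotiated_bits(env)
    if bits is None:
        return "unknown", "This page was not loaded over SSL, so nothing can be measured."
    if bits >= required:
        return "ok", f"Your browser negotiated {bits}-bit encryption; the secure area will work."
    return "weak", (f"Your browser negotiated only {bits}-bit encryption; "
                    f"the secure area requires {required}-bit.")


def render(env):
    """Build the full CGI response: headers, blank line, plain-text body."""
    status, message = verdict(env)
    headers = "Content-Type: text/plain\r\nCache-Control: no-store\r\n\r\n"
    return f"{headers}[{status}] {message}\n"


if __name__ == "__main__":
    # Under a real server the environment is filled in per request.
    print(render(os.environ), end="")
```

Linking to this page from outside the 128-bit-only area lets a visitor see the result before the handshake there fails.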