Re: Browser security type
This WebDNA talk-list message is from 2000
It keeps the original formatting.
numero = 31869
interpreted = N
texte = Thank you for your help, John. I hadn't really thought about that being an SSL standards violation. I guess you assume that if they built it into their server software, then it's a-ok. Wow.

-RW

John Peacock wrote:
> OK, that's a new one on me. I don't think there is a way in WebSite to
> force the server to only use 128 bit encryption. In fact, I wouldn't be
> surprised to find out it violates SSL protocol definitions. I just
> checked and see that IIS allows you to require 128-bit connections,
> which just proves my point about it violating standards! ;~)
>
> But, there is no telling some clients the difference between a session
> key vs. long term use key (i.e. 56-bit is fine for SSL). I think your
> only hope is to talk to WebStar; this is likely to be only available in
> the programming API (very low level stuff). Perhaps there is a custom
> error message redirect that you could use to point the 56-bit browsers
> towards.
>
> John Peacock
>
> Robert Wade wrote:
> >
> > Thanks for your reply John. I should have given more details. I'm using WebStar
> > 4.2/WebCat 3.08 on Mac OS 9.04.
> > What you're saying is true if you set your encryption options in WebStar for your 128 bit
> > certificate to communicate at all levels of encryption. We use 56 bit certificates for
> > most secure areas on the server, but for this application our client requires us to use
> > 128 bit, so we set our encryption options to communicate at only 128 bit for this
> > certificate. Anyone using a standard browser will get an error about the encryption
> > algorithms. My goal here was to give the users a little knowledge about this and their
> > browser type before they receive the error and start emailing the client saying that the
> > site doesn't work (as you know, the general web surfing public usually doesn't understand
> > how SSL works and most won't figure out this error on their own). I saw a site once use
> > a cgi application for browser security compatibility, but I can't find anything anywhere.
> >
> > Again, thank you for your reply!
> >
> > -RW
> >
> > John Peacock wrote:
> >
> > > I don't understand what you are asking for; when a browser negotiates
> > > with a server, they find the highest level of security they can agree
> > > upon. In other words, if you are using a US export version of
> > > Netscape, and the server has a 128 bit server cert (not a Super Cert),
> > > the server will communicate with the browser using only 56 bits. The
> > > export restrictions are going away now anyway; O'Reilly already has a
> > > 128 bit international version of WebSite available for download. And
> > > if you are really concerned, you can get a Super Cert, which will
> > > upgrade the client on the fly to support 128 bits.
> > >
> > > John Peacock
> > >
> > > Robert Wade wrote:
> > > >
> > > > Been to the archives and no luck...
> > > >
> > > > Does anyone know of a way (preferably WebCatalog, but open to other
> > > > options) for a visitor to a site to test their browser to see if it is
> > > > 128 bit?
> > > >
> > > > I've got several areas of a site that are 128 bit, and I want users to
> > > > be able to click a test your browser link or button and get a response
> > > > back on their security type, before they attempt to enter these areas.
> > > >
> > > > Thank You,
> > > >
> > > > Robert Wade
> > > > CABIN6 Design
> > > >
> > > > |[ //\ ||} || ||\| V|
> > > >
> > > > robert@cabin6.com

-------------------------------------------------------------
This message is sent to you because you are subscribed to
the mailing list .
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
Web Archive of this list is at: http://search.smithmicro.com/
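A server-side version of the "test your browser" page asked about in this thread, as an added example that is not part of the original messages: a CGI script that reports the key size negotiated for the visitor's current SSL session. It assumes a server that exports mod_ssl-style variables (`SSL_CIPHER`, `SSL_CIPHER_USEKEYSIZE`); WebStar's own variable names are not given in the thread, and the function names and sample values are constructed.

```python
#!/usr/bin/env python3
"""CGI page that tells a visitor how strong their current SSL session is."""
import os
from html import escape

REQUIRED_BITS = 128  # strength demanded by the protected area in the thread

def session_strength(environ):
    """Return (cipher_name, effective_bits), or None if it cannot be read.

    Assumes mod_ssl-style CGI variables. SSL_CIPHER_USEKEYSIZE is the key
    size actually in use; SSL_CIPHER_ALGKEYSIZE is what the algorithm could
    support, and reads 128 even for a 40-bit export RC4 session.
    """
    raw = environ.get("SSL_CIPHER_USEKEYSIZE")
    if raw is None:  # plain HTTP, or the server does not export SSL variables
        return None
    try:
        bits = int(raw)
    except ValueError:
        return None
    return environ.get("SSL_CIPHER", "unknown"), bits

def verdict(environ, required=REQUIRED_BITS):
    """Classify the session as 'ok', 'too_weak' or 'unknown', with a message."""
    info = session_strength(environ)
    if info is None:
        return "unknown", "Open this test page over https:// to check your browser."
    cipher, bits = info
    if bits >= required:
        return "ok", f"Your browser negotiated {bits}-bit encryption ({cipher})."
    return "too_weak", (f"Your browser negotiated only {bits}-bit encryption "
                        f"({cipher}); the secure area needs {required}-bit.")

def render(environ):
    """Build the full CGI response (header, blank line, HTML body)."""
    status, message = verdict(environ)
    body = f'<html><body><p class="{status}">{escape(message)}</p></body></html>'
    return "Content-Type: text/html\r\n\r\n" + body

# Constructed sample: the variables an export-grade browser would produce.
SAMPLE_EXPORT = {"SSL_CIPHER": "EXP-RC4-MD5", "SSL_CIPHER_USEKEYSIZE": "40",
                 "SSL_CIPHER_ALGKEYSIZE": "128"}

if __name__ == "__main__":
    print(render(os.environ))
```

The test page has to be served from an area configured to accept all encryption levels; behind the 128-bit-only certificate the handshake fails before any script runs, which is the error the thread describes.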
Associated Messages, from the most recent to the oldest:
Robert Wade