[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date ][Minivend by thread ]

Re: SSL compatibility issues

To: Scott_Schenkein@ccnotes.ccity.com
Subject: Re: SSL compatibility issues
From: Erik Aase-Remedios <erik@fourfish.com>
Date: Tue, 17 Aug 1999 14:02:35 -0400 (EDT)
cc: minivend-users@minivend.com
In-Reply-To: <852567D0.0053D3A8.00@danube.ccity.com>

The key issue is which browsers are compatible with your server SSL
certificate.  There are a number of encryption schemes (like "RC4
encryption with a 128-bit key and an MD5 MAC" or "DES encryption in CBC
mode with a 56-bit key and a SHA-1 MAC") which browsers and servers can
support.  But this isn't really the issue as your web server and their
browser will negotiate to use the highest level supported by both.  If a
browser doesn't suppoty SSL v3.0 then the communication should fall back
to SSL v2.0.

To find out which browsers are compatible with Thawte certificates go to
<http://www.thawte.com/certs/server/browsers.html>.
To find out which browsers support Verisign certificates go to
<http://www.verisign.com/server/prg/browser/matrix.html>. 
For specific capabilities of AOL browsers go to
<http://webmaster.info.aol.com/browsers.html>.

To find out what environment variables you have available you will have to
test your server with a https://... request.  Create a CGI that echos all
the environment variables (Apache comes with a script in it's cgi-bin
called printenv by default)  and look at it's output.  You will see things
like the following: 
	SSL_CIPHER:	RC4-MD5
	SSL_CIPHER_USEKEYSIZE:	128
	SSL_PROTOCOL:	SSLv3
You could check these, but it's kind of academic at this point as the
server and browser have already agreed on what to use and are already
talking to each other.

As far as looking at the HTTPS headers, I'd advise letting your web server
take care of it.  If you detect that a browser isn't going to support any
of the ciphers that your server can use, there's not much you can do about
it. 

Maybe you could state why you want to know these things to clarify the
issue. 

-Erik

On Tue, 17 Aug 1999 Scott_Schenkein@ccnotes.ccity.com wrote:

> ******    message to minivend-users from Scott_Schenkein@ccnotes.ccity.com     ******
> Hello All,
> 
> I have a couple questions about ssl compatibility in browsers for those of you
> that are up to speed on this topic.
> 
> 1) What browsers cannot handle SSL v3.0 (aol???)
> 2) Is there a way to parse http headers to help tell what version of ssl the
> browser in question uses??
> 
> Thank you for your help.  Please respond directly to me as well as to the group.
> 
> Scott Schenkein
> -------------------------------------
> CEO, Integrated Data Solutions, LLC.
> http://www.vidg.com

References:
- SSL compatibility issues
  - From: Scott_Schenkein@ccnotes.ccity.com

Prev by Date: Re: <<EOF
Next by Date: Re: INDEX and [area scan
Prev by thread: Re: SSL compatibility issues
Next by thread: How to cycle through fields?
Index(es):
- Date
- Thread