Zhang Weiwu wrote:
> I think I have to give up only using TLS, but use SSL instead. Most of
> my visitors to my site are using Internet Explorer, but I just tried and
> found (by surprise) Internet Explorer 6 by default does not allow TLS
> connection. The users must go to Internet Options -> Advanced -> Enable
> TLS 1.0 connection. I know well my visitors are too stupid to do this,
> and in Internet Cafe people have no access to Internet Options.
>
> But why? Why does IE6 choose not to use TLS by default? Are they really
> stupid or something?

The client and the server negotiate to find a common method to encrypt
communications. If TLS is available to both then there is a possibility
that it will be used. However, most browsers/email clients/whatever come
with the least restrictive set of ciphers and methods enabled, for
backwards compatibility. So you may find that you have your site set up
properly but the client will end up using 40 bit SSLv2, even though it
is totally insecure these days (to be technical, it was busted from the
get-go). Check out the mod_ssl modules in your
/etc/apache/conf/modules.d directory for more details on what you can do
to provide high quality encryption service to your customers.

Dave
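
Dave's point that the server's mod_ssl settings decide whether a client can end up on SSLv2 or a 40-bit cipher, as an added example that is not part of the original message: a Python check over `SSLProtocol` and `SSLCipherSuite` lines. It assumes mod_ssl of that period, where `all` includes SSLv2 and the default cipher string is the one in `DEFAULT_CIPHERS`; the function names and both sample configurations are constructed here.

```python
import re

# Assumption: mod_ssl of that era, where "all" = SSLv2 + SSLv3 + TLSv1 and the
# defaults below apply when a directive is absent from the configuration.
PROTOCOLS = {"sslv2": "SSLv2", "sslv3": "SSLv3", "tlsv1": "TLSv1"}
DEFAULT_CIPHERS = "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
WEAK_CLASSES = {"EXP", "LOW", "SSLv2"}
ALIASES = {"EXPORT": "EXP", "EXPORT40": "EXP", "EXPORT56": "EXP"}

def enabled_protocols(args):
    """SSLProtocol arguments, left to right: +name adds, -name removes, bare name replaces."""
    enabled = set()
    for tok in args.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        key = name.lower()
        if key != "all" and key not in PROTOCOLS:
            raise ValueError("unknown protocol: " + name)
        names = set(PROTOCOLS.values()) if key == "all" else {PROTOCOLS[key]}
        enabled = enabled | names if sign == "+" else enabled - names if sign == "-" else names
    return enabled

def weak_cipher_classes(spec):
    """Heuristic, not OpenSSL's full evaluation: weak class (or ALL) included and never '!'-killed."""
    norm = lambda t: ALIASES.get(t, t)
    tokens = [t for t in re.split(r"[:, ]+", spec.strip("\"' ")) if t]
    killed = {norm(t[1:]) for t in tokens if t[0] == "!"}
    included = {norm(t) for t in tokens if t[0] not in "!-+"}  # "+X" only reorders
    return {c for c in WEAK_CLASSES if c not in killed and included & {c, "ALL"}}

def audit(conf_text):
    """Findings for the last SSLProtocol/SSLCipherSuite line seen; vhost scoping is not modelled."""
    protocols, ciphers = enabled_protocols("all"), weak_cipher_classes(DEFAULT_CIPHERS)
    for line in conf_text.splitlines():
        m = re.match(r"\s*(SSLProtocol|SSLCipherSuite)\s+(.+?)\s*$", line, re.I)
        if m and m.group(1).lower() == "sslprotocol":
            protocols = enabled_protocols(m.group(2))
        elif m:
            ciphers = weak_cipher_classes(m.group(2))
    findings = ["SSLv2 protocol enabled"] if "SSLv2" in protocols else []
    return findings + ["weak cipher class allowed: " + c for c in sorted(ciphers)]

# Constructed sample configurations (not taken from the thread).
PERMISSIVE = "SSLProtocol all\nSSLCipherSuite " + DEFAULT_CIPHERS
RESTRICTED = ("SSLProtocol all -SSLv2\n"
              "SSLCipherSuite ALL:!ADH:!EXP:!LOW:!SSLv2:RC4+RSA:+HIGH:+MEDIUM")
```

`audit(RESTRICTED)` comes back empty while still leaving SSLv3 available for an IE6 client that has TLS 1.0 switched off. On current servers SSLv3 and TLS 1.0 are themselves deprecated, so the same check would be extended to flag them.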