Eric Lawrence provides the details at the Microsoft Internet Explorer Weblog:
In the past, we’ve called upon website operators to ensure they are using HTTPS securely. This time, I’d like to tell you about the changes IE7 has made to improve the security and user experience for HTTPS connections.
HTTPS uses encryption to secure your Internet traffic to protect it from snooping or tampering by others on the network. HTTPS uses either the Secure Sockets Layer (SSL) or the Transport Layer Security (TLS) protocols to protect data.
For Internet Explorer 7, the default HTTPS protocol settings will be changed to disable the weaker SSLv2 protocol and to enable the stronger TLSv1 protocol.
Generally, IE users will not notice any difference in the user experience due to this change; it’s a silent improvement in security. Our research indicates that there are only a handful of sites left on the Internet that require SSLv2.
There are also user experience changes when a user hits a site with a problematic certificate (e.g. blocking navigation when the certificate is out of date or has the wrong hostname) and then there’s the old favorite:
In addition, users will no longer see the so-called Mixed-Content prompt, which read: “This page contains both secure and nonsecure items. Do you want to see the nonsecure items?” IE7 renders only the secure content and offers the user the opportunity to unblock the nonsecure content using the Information Bar. This is an important change because very few users (or web developers) fully understand the security risks of rendering HTTP-delivered content within an HTTPS page.
And thereby they understandably consider the prompt merely an annoyance. Eric also details a number of Vista-only changes including support for Server Name Indication (SNI) to resolve a problem with virtual hosting.
If these all seem a trifle esoteric, the net is that Eric issues a call to action on 3 items that webmasters will need to check to avoid problems with the more secure HTTPS implementation in IE7.
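For the mixed-content change quoted above, one way a site operator could find the HTTP-delivered items an HTTPS page pulls in before a browser blocks them. This is an added example, not code from Eric Lawrence's post or from Microsoft; the tag/attribute list, the function names and the sample page (all example.test hosts) are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# (tag, attribute) pairs that make the browser fetch content into the page.
# Assumed, non-exhaustive list; <a href> is navigation, not embedded content.
FETCH_ATTRS = {
    ("script", "src"), ("img", "src"), ("iframe", "src"), ("frame", "src"),
    ("embed", "src"), ("object", "data"), ("input", "src"), ("link", "href"),
}

# Constructed sample page, not taken from any real site.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://static.example.test/site.css">
<link rel="canonical" href="http://shop.example.test/">
<script src="//cdn.example.test/lib.js"></script>
</head><body>
<img src="/logo.png">
<img src="http://ads.example.test/banner.gif">
<a href="http://example.test/help">help</a>
<iframe src="https://pay.example.test/form"></iframe>
</body></html>"""

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = self.base = page_url
        self.findings = []  # (line, tag, resolved URL)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "base" and a.get("href"):
            # <base> changes how every later relative URL resolves.
            self.base = urljoin(self.page_url, a["href"])
        if tag == "link" and not {"stylesheet", "icon"} & set((a.get("rel") or "").lower().split()):
            return  # e.g. rel=canonical is metadata, nothing is fetched
        for name, value in attrs:
            if (tag, name) in FETCH_ATTRS and value:
                resolved = urljoin(self.base, value.strip())
                if urlparse(resolved).scheme == "http":
                    self.findings.append((self.getpos()[0], tag, resolved))

def find_mixed_content(page_url, html):
    """Return the HTTP-delivered subresources of an HTTPS page."""
    if urlparse(page_url).scheme != "https":
        return []  # mixed content only exists on a secure page
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings
```

Relative and protocol-relative URLs are resolved before the scheme is checked, so a page that is clean apart from an http:// base element is still reported.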