[ic] Non-Secure Checkout

Jim Balcom interchange-users@lists.akopia.com
Mon Jul 30 21:11:01 2001


On Mon, 30 Jul 2001, Dan Browning wrote:

DB>>At 08:42 PM 7/29/2001 -0400, you wrote:
DB>>>I'm not sure if this is worth pursuing, but....
DB>>>
DB>>>I've got some customers that are objecting to my 128-bit security on
DB>>>checkout and are wanting a non-secure checkout in the Construct demo.
DB>>>
DB>>>Is there a simple way to do this? Or, should I simply push them to
DB>>>upgrade their browser?
DB>>>
DB>>>
DB>>>-= Jim =-
DB>>
DB>>Your SSL should automatically handshake to 56-bit encryption even with a 
DB>>128-bit key.  Try getting a low encryption browser and testing it yourself 
DB>>while watching the /var/log/httpd/ssl... logs.

I was using IE 5.0 as a tester. (I normally use Netscape for all of my
browser needs.) IE had a 40-bit encryption module in it. I got a "This
page can not be displayed" error. I installed the service pack for
128-bit and it worked just fine.

DB>>However, your customers might be experiencing other problems.  If you are 
DB>>running OpenSSL (standard), I would recommend upgrading to the latest 
DB>>version, 0.9.6 (-9 for rpm).  The new version seems to work better with 
DB>>more browsers (and low encryption levels).  E.g. when I had 0.9.5, Internet 
DB>>Explorer 5.5 with 56-bit encryption would always show 2 images (random 
DB>>selection) as not available.  Further, there is some httpd.conf stuff that 
DB>>you can do to increase compatibility as well.
DB>>
DB>>Upgrading to 0.9.6 isn't easy, however, since you have to upgrade to an 
DB>>Apache with a mod_ssl that has been compiled against the same version of 
DB>>openssl.  You can compile the whole mess yourself to be sure, or try the 
DB>>RPM trickery, or just buy StrongHold and be done with it.  :-)

While I am running OpenSSL, I am using WN for my server. Far better,
far more options, much easier to run right out of the box.

I'm thinking that most of the customers (I'm not really interested in
doing any sales outside of the US and Canada - shipping is too high!)
should upgrade their browser and be over it!

However, if I can offer them a totally non-secure way to check out and
they prefer to run that risk, rather than to upgrade their browser, I
would do it.

-= Jim =-

----------------------------------------------------------------
Jim's Linux-Operated Underground Bomb Shelter

Tagline for Monday, July 30, 2001 at 21:05 PM:
He has Van Gogh's ear for music.

----------------------------------------------------------------
This Linux System has been up 506 hours  

My web page: http://www.idk-enterprises.com
----------------------------------------------------------------
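
The suggestion quoted above, to watch the SSL logs while a low-encryption browser connects, can be done by summarizing which cipher each client actually negotiated. The script below is an added example and not part of the original thread: it assumes an Apache mod_ssl style request log in the format `%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b` (an assumption; the thread does not show the log format), and the sample lines and addresses are constructed.

```python
import re
from collections import defaultdict

# Effective key strength in bits for OpenSSL cipher names of that era.
CIPHER_BITS = {
    "EXP-RC4-MD5": 40, "EXP-RC2-CBC-MD5": 40, "EXP-DES-CBC-SHA": 40,
    "EXP1024-RC4-SHA": 56, "EXP1024-DES-CBC-SHA": 56, "DES-CBC-SHA": 56,
    "RC4-MD5": 128, "RC4-SHA": 128, "DES-CBC3-SHA": 168,
}

# Assumed log format: %t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b
LINE_RE = re.compile(
    r'^\[(?P<time>[^\]]+)\] (?P<host>\S+) (?P<proto>\S+) (?P<cipher>\S+) '
    r'"(?P<request>[^"]*)" (?P<size>\S+)$'
)

# Constructed sample lines (documentation addresses, not real clients).
SAMPLE_LOG = """\
[30/Jul/2001:20:58:02 -0400] 192.0.2.10 SSLv3 RC4-MD5 "GET /checkout HTTP/1.0" 5120
[30/Jul/2001:20:59:40 -0400] 192.0.2.22 SSLv3 EXP-RC4-MD5 "GET /checkout HTTP/1.0" 5120
[30/Jul/2001:21:01:13 -0400] 192.0.2.35 TLSv1 DES-CBC-SHA "POST /checkout HTTP/1.0" 734
[30/Jul/2001:21:02:51 -0400] 192.0.2.22 SSLv3 EXP-RC4-MD5 "POST /checkout HTTP/1.0" 734
[30/Jul/2001:21:03:07 -0400] 192.0.2.41 TLSv1 DES-CBC3-SHA "GET /checkout HTTP/1.0" 5120
truncated line without the expected fields
[30/Jul/2001:21:04:19 -0400] 192.0.2.50 SSLv3 SOME-NEW-CIPHER "GET /checkout HTTP/1.0" 5120
"""

def weak_sessions(log_text, min_bits=128):
    """Return (weak requests per host, unknown cipher names, unparseable line count)."""
    weak = defaultdict(lambda: defaultdict(int))
    unknown, skipped = [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1              # malformed or truncated entry
            continue
        cipher = m.group("cipher")
        bits = CIPHER_BITS.get(cipher)
        if bits is None:
            unknown.append(cipher)    # report it, never guess a strength
        elif bits < min_bits:
            weak[m.group("host")][cipher] += 1
    return {h: dict(c) for h, c in weak.items()}, unknown, skipped

if __name__ == "__main__":
    weak, unknown, skipped = weak_sessions(SAMPLE_LOG)
    for host, ciphers in sorted(weak.items()):
        print(host, ciphers)
    print("unknown ciphers:", unknown, "| unparseable lines:", skipped)
```

A client whose handshake fails outright never sends an HTTP request, so it leaves no line in a request log like this one; only sessions that completed negotiation are counted.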