Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Latest News

      MS Details More IE 7 Security Goodies

      By
      Ryan Naraine
      -
      October 24, 2005
      Share
      Facebook
      Twitter
      Linkedin

        Microsoft plans to discontinue the use of the SSLv2 (Secure Socket Layer) protocol in the coming Internet Explorer browser refresh.

        In its place, he company will fit the stronger TLSv1 (Transport Layer Security) protocol into IE 7 as part of an overall plan to improve the security and user experience for HTTPS connections.

        Microsoft Corp. made the announcement on its official IE Blog where a call to action was issued for Web site owners to make the necessary configuration changes to permit the new protocol connections.

        Eric Lawrence, a program manager on the IE team, also warned that the new browser will block navigation to HTTPS sites that present problematic digital certificates.

        “Upon encountering a certificate problem, IE7 presents an error page that explains the problem with the digital certificate. The user may choose to ignore the warning and proceed in spite of the certificate error (unless the certificate was revoked),” Lawrence explained.

        “If the user clicks through a certificate error page, the address bar will flood fill with red to serve as a persistent notification of the problem,” he added.

        The UI change will occur is a certificate is issued to a hostname other than the URLs hostname; if a certificate is issued by an untrusted root; or if the certificate is expired or revoked.

        /zimages/2/28571.gifClick here to read more about Microsoft scrapping old encryption in new code.

        Web site operators that require SSLv2 are urged to reconfigure the settings to permit SSLv3 or TLSv1 connections.

        “Ensure that the hostnames used for your secure pages exactly match the hostname in your digital certificate. For example, using the certificate for www.example.com on secure.example.com will result in an error page,” Lawrence said.

        “If your site supports TLS, please ensure that it has a standards-compliant implementation of TLS that does not fail when extensions are present. Testing for a non-compliant TLS server is as simple as navigating to any HTTPS page on the server using IE7 on Vista Beta 2. If IE7 fails to connect, TLS extensions are the most likely culprit,” he added.

        Microsoft currently allows users IE6 to manually configure the stronger settings vie the Tools > Internet Options > Advanced menu but the changes will be fitted by default into IE 7 to allow Web surfers to negotiate HTTPS connections using SSLv3 or TLSv1.

        Lawrence described the change as a “silent improvement in security” that wont affect the normal user experience.

        “Our research indicates that there are only a handful of sites left on the Internet that require SSLv2. Adding support for SSLv3 or TLSv1 to a website is generally a simple configuration change,” he added.

        /zimages/2/28571.gifClick here to read more about Microsoft urging developers to prepare for IE 7.

        In IE 6 today, whenever a surfer encounters a problem with a HTTPS-delivered webpage, a modal dialog box asks the user to make a security decision. In IE 7, that will change to follows the “secure by default” paradigm and default to the secure behavior.

        “In addition, users will no longer see the so-called Mixed-Content prompt, which read: This page contains both secure and nonsecure items. Do you want to see the nonsecure items? IE7 renders only the secure content and offers the user the opportunity to unblock the nonsecure content using the Information Bar. This is an important change because very few users (or web developers) fully understand the security risks of rendering HTTP-delivered content within a HTTPS page,” Lawrence added.

        He also revealed that the new Windows Vista platform will include several new cryptographic algorithms for HTTPS communications, including the AES (Advanced Encryption Standard). AES is a strong, efficient algorithm that offers support for key lengths of up to 256 bits.

        In Windows Vista, certificate revocation checking is also enabled by default.

        /zimages/2/28571.gifCheck out eWEEK.coms for Microsoft and Windows news, views and analysis.

        Ryan Naraine
        Get the Free Newsletter!
        Subscribe to Daily Tech Insider for top news, trends & analysis
        This email address is invalid.
        Get the Free Newsletter!
        Subscribe to Daily Tech Insider for top news, trends & analysis
        This email address is invalid.

        MOST POPULAR ARTICLES

        Latest News

        Zeus Kerravala on Networking: Multicloud, 5G, and...

        James Maguire - December 16, 2022 0
        I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
        Read more
        Applications

        Datadog President Amit Agarwal on Trends in...

        James Maguire - November 11, 2022 0
        I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
        Read more
        IT Management

        Intuit’s Nhung Ho on AI for the...

        James Maguire - May 13, 2022 0
        I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
        Read more
        Applications

        Kyndryl’s Nicolas Sekkaki on Handling AI and...

        James Maguire - November 9, 2022 0
        I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
        Read more
        Cloud

        IGEL CEO Jed Ayres on Edge and...

        James Maguire - June 14, 2022 0
        I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
        Read more
        Logo

        eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

        Facebook
        Linkedin
        RSS
        Twitter
        Youtube

        Advertisers

        Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

        Advertise with Us

        Menu

        • About eWeek
        • Subscribe to our Newsletter
        • Latest News

        Our Brands

        • Privacy Policy
        • Terms
        • About
        • Contact
        • Advertise
        • Sitemap
        • California – Do Not Sell My Information

        Property of TechnologyAdvice.
        © 2022 TechnologyAdvice. All Rights Reserved

        Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

        ×