[Ach] Idea: catching old clients with sni

Pepi Zawodsky pepi.zawodsky at maclemon.at
Tue Nov 12 19:08:30 CET 2013


On 12.11.2013, at 16:51, Adi Kriegisch <adi at kriegisch.at> wrote:
> I think this could be a hint for site operators still caring for users of
> very old browsers. What do you think? Is this worth a hint in our paper?
Site operators could even disable login forms or other means where users submit data in an insecure way on that fallback host to protect users while suggesting an incentive to upgrade their browsers. (Or to bug the IT department to do so.)


> PS: For Java7 this trick will not work as Java7 supports sni and needs the
> "strong crypto pack" to enable stronger ciphers.
Are there _really_ any browsers written in Java that people actually use? Or is Java “only” used to access Web APIs? In the latter case one could specifically narrow access without impacting common browsers. Or am I totally thinking in the wrong direction here? (Or is it just that I'm allergic to Java that I try to find excuses to not support it?)
Pepi