[Ach] Idea: catching old clients with sni

Aaron Zauner azet at azet.org
Tue Nov 12 19:31:47 CET 2013


On 12 Nov 2013, at 19:08, Pepi Zawodsky <pepi.zawodsky at maclemon.at> wrote:
>> PS: For Java7 this trick will not work as Java7 supports sni and needs the
>> "strong crypto pack" to enable stronger ciphers.
> Are there _really_ any Browsers written in Java that people actually use? Or is Java “only” used to access Web-APIs? In the latter case one could specifically narrow access without impacting common browsers. Or am I totally thinking in the wrong direction here? (Or is it just that I'm allergic to Java that I try to find excuses to not support it?)

Everybody is allergic to java except for java programmers. Java is used by so many things - you can’t work around it - There might come a time (like with flash) that it is in fact obsolete, but that will take a long time. Java is heavily used in webapps and GUIs that use HTTPS. We’ll need to find a solution.

Aaron

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1091 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20131112/e5612274/attachment.sig>


More information about the Ach mailing list