Sunday, October 23, 2005

More IE 7 Security Details

On the official IE Blog, Christopher Vaughan Eric Lawrence talks about the changes coming in IE7 to improve the security and user experience for HTTPS connections.

Call to Action:

1. If your site requires SSLv2, please reconfigure it to permit SSLv3 or TLSv1 connections.

2. Ensure that the hostnames used for your secure pages exactly match the hostname in your digital certificate. For example, using the certificate for on will result in an error page.

3. If your site supports TLS, please ensure that it has a standards-compliant implementation of TLS that does not fail when extensions are present. Testing for a non-compliant TLS server is as simple as navigating to any HTTPS page on the server using IE7 on Vista Beta 2. If IE7 fails to connect, TLS extensions are the most likely culprit.