Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Are there any SSL certificate authorities that don't cost a king's ransom?



On Mon, Jul 29, 2013 at 7:54 AM, Edward Ned Harvey (blu)
<blu at nedharvey.com> wrote:
>> From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss-
>> bounces+blu=nedharvey.com at blu.org] On Behalf Of Tom Metro
>>
>> [Dreamhost] don't yet support Server Name Indication
>
> Even if they did support SNI, the reason people generally can't use SNI right now is because IE on WinXP doesn't support it.  SNI will take over someday, and I use it now, but generally customer facing applications cannot use it yet.
>
>
>> 1. http://en.wikipedia.org/wiki/Server_Name_Indication
>
> Yup, on that page, they list some platforms that don't support it.  Of which, all you have to say is "IE on XP" and it's already game over as far as deploying SNI on your server right now.

I'm sure you already know, but the date is April 8, 2014

http://windows.microsoft.com/en-us/windows/products/lifecycle

At that point, just redirect to a page that informs the user that they
are running an insecure browser on an operating system which is no
longer receiving security fixes.  You won't take their money because
you are concerned that you can't prevent fraud.  (i.e. You are doing
it to protect them not make things easier/cheaper for you. :-)

In the meantime, you might put a coundown clock on your web site:

http://www.gieson.com/Library/projects/utilities/countdown/

Bill Bogstad



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org