LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

LWN.net Weekly Edition for June 6, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fraudulent certificates in the wild — again

Fraudulent certificates in the wild — again

Posted Jan 4, 2013 13:53 UTC (Fri) by bbaetz (subscriber, #42501)
In reply to: Fraudulent certificates in the wild — again by cjr
Parent article: Fraudulent certificates in the wild — again

Windows XP doesn't support SNI, and IE uses the windows libraries for SSL (Chrome may too - not sure). Firefox uses its own (NSS) so isn't tied to the windows version. Which is the main reason why SNI use hasn't really taken off - its only in the last year that people have been able to really stop supporting ie6 (with Google being big enough to not supporting ie8, a few other sites are starting to match). Not supporting winXP on your website (which is what SNI effectively requires) is a lot further off - at best 2014 (when Microsoft stops supporting it)

(Log in to post comments)

Fraudulent certificates in the wild — again

Posted Jan 5, 2013 0:37 UTC (Sat) by Lennie (subscriber, #49641) [Link]

Chrome used to do that, in the first few versions. Until 4 or something like that, which is ages ago and no1 should be using that anymore.

All versions of IE and Safari on XP or 2000 do not support SNI.

But also almost 50% of all Android phones do not support SNI, because Android 2.x does not support SNI.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds