IEInternals

A look at Internet Explorer from the inside out. @EricLaw left Microsoft in 2012, but was named an IE MVP in '13 & an IE userAgent (http://useragents.ie) in '14

Browse by Tags

Tagged Content List
  • Blog Post: Internet Explorer 11 and Perfect-Forward-Secrecy

    In case you missed it, the recent Windows 8.1 Update update adds four new ciphersuites (including two supported by Chrome32) and changes the ciphersuite order to prefer algorithms that offer Perfect-Forward-Secrecy. You can read more about this update here. Wikipedia has a nice article on PFS , but...
  • Blog Post: There’s never magic, but plenty of butterfly effects

    I’ve always enjoyed magic shows, but I’ve never attempted to understand how the tricks are performed, since that would take all of the fun out of them. In contrast, if I see a web browser demonstrating seemingly magical behavior or misbehavior , I find it hard to sleep until I figure out...
  • Blog Post: “Continue” Link Missing from Certificate Error Page?

    A user recently reported that IE11 wasn’t showing the “Continue” link on the certificate error page shown when visiting their 2009-era router’s configuration UI. They were curious why that link wasn’t shown in this instance. The error page’s Continue link is hidden...
  • Blog Post: Authenticode, HTTPS, and Weak RSA Keys

    Over on the Microsoft PKI blog , there’s some important information about upcoming changes for website operators who use HTTPS or deploy Authenticode-signed applications or ActiveX controls. Weak RSA Keys Blocked To briefly summarize the PKI team’s post, a security update coming to...
  • Blog Post: Avoid “Do not save encrypted pages to disk”

    Internet Explorer has an Advanced option named Do not save encrypted pages to disk . By default, this option is unchecked (except for Windows Server systems) and I recommend you leave it that way. In IE9, this option does exactly what it says it does—resources received from HTTPS URLs...
  • Blog Post: Blog Roll

    These days, I struggle to find time to keep up with all of the tech news, but there are a few streams I make a special effort to stay on top of. Ex-Internet Explorer Dave Risney posts items of interest about URIs, web standards, FiddlerCore and myriad other interesting goodies over on his blog . ...
  • Blog Post: Understanding Certificate Revocation Checks

    Recently, there’s been some interest in how clients perform Certificate Revocation checks and browsers behave in the event that a revocation check cannot be completed. In today’s post, I’ll explain Internet Explorer’s default behavior and explain how you may change the default...
  • Blog Post: HTTPS and Keep-Alive Connections

    As we explore network performance on the “real-world web”, one bad pattern in particular keeps recurring, and it’s not something that our many IE9 Networking Performance Improvements alone will resolve. The bad pattern is the use of Connection: close semantics for HTTPS connections...
  • Blog Post: Misbehaving HTTPS Servers impair TLS 1.1 and TLS 1.2

    Back in the summer of 2009, I blogged about Windows 7’s new support for TLS 1.1 and TLS 1.2 . These new protocols are disabled by default, but can be enabled using Group Policy or the Advanced Tab of the Internet Control Panel: Some adventurous Internet Explorer users have found that...
  • Blog Post: The Hazards of Relying upon Browser Quirks

    While many web developers find subtle browser behaviors baffling, often browser developers are bewildered by web content. Yesterday, we ran into an interesting site compatibility problem that occurs in the latest internal version of IE9. The site in question is a popular site which uses a Flash applet...
  • Blog Post: HTTPS Caching and Internet Explorer

    From time-to-time, I get questions about Internet Explorer’s behavior when it comes to caching of HTTPS-delivered content. It comes as a surprise to many that by-default, all versions of Internet Explorer will cache HTTPS content so long as the caching headers allow it . If a resource is sent...
  • Blog Post: AES is not a valid cipher for SSLv3

    A Windows 7 user of Fiddler encountered an interesting error this morning, and it reminded me of an interesting HTTPS compatibility problem we found in the Windows Vista timeframe. The user is trying to visit https://www.atsenergo.ru with Fiddler running in HTTPS-decryption mode. Fiddler uses the...
  • Blog Post: Understanding Certificate Name Mismatches

    Recently, I received a query from the Windows Mobile team-- they had observed that visiting https://gmail.com triggers a certificate name mismatch error on IEMobile, but doesn’t seem to trigger any error on Windows 7 when using the desktop versions of Internet Explorer or Firefox. Now, long-time readers...
  • Blog Post: Internet Explorer Cannot Download https://something

    Earlier today, I was asked to troubleshoot a secure site where file downloads were always failing . Having seen this problem many times often over the years, I immediately suspected that the web developer wasn’t aware that if a user tries to download * a file over a HTTPS connection, any...
  • Blog Post: Client Certificate Selection Prompt

    The HTTPS protocol allows a secure server to request that the client verify their identity with a client certificate during the initial secure handshake. By presenting a client certificate, the browser helps further defeat man-in-the-middle attacks and authenticates to the web server more securely than...
  • Blog Post: Getting the Server's Certificate Chain from WinINET

    Over the last few years, a number of folks have lamented that there's no good way to get the server's complete certificate chain from a WinINET HTTP response. That has changed with the release of the new WinINET shipping in Windows 7 / IE8. INTERNET_OPTION_SERVER_CERT_CHAIN_CONTEXT is a new flag you...
  • Blog Post: Handling Mixed (HTTPS/HTTPS) Content

    Update: IE9 includes improved handling of Mixed Content. Click to learn more... Background As we developed Internet Explorer 8, we spent quite a bit of time pondering what to do about IE7’s infamous “Mixed Content” warning prompt: As I noted on the IEBlog four years...
  • Blog Post: Windows 7 adds support for TLSv1.1 and TLSv1.2

    Windows 7's updated crypto stack (schannel.dll, etc) offers support for TLSv1.1 and TLSv1.2. While disabled by default in IE8 (for compatibility reasons; some legacy sites will fail to connect when the updated TLS version is offered) the new protocol versions can be enabled by checking the appropriate...
Page 1 of 1 (18 items)