
Windows Vista’s RFC-compliant TLS Extensions – Can your server handle them?

Back in October, we blogged about some of the HTTPS improvements we’re making to IE7. At the time, we mentioned that we have encountered some HTTPS servers which claim to support TLS, but violate the RFC and “hang up” when extensions are received during the HTTPS handshake process. On Wednesday, Windows Networking GPM Billy Anders posted to the Windows Networking team blog, explaining why buggy TLS servers will result in connection failures when Windows Vista clients send TLS extensions.

The IE site-compatibility team will be proactively contacting the few major web sites who are running broken TLS implementations, but please be sure to try out your own secure sites using the upcoming Windows Vista Beta 2. If you cannot connect to the site by default, but successfully connect after you uncheck “Use TLS 1.0” in Tools | Internet Options | Advanced, please contact the manufacturer of your web server software about the availability of a fix for their TLS implementation.

- Eric Lawrence

Published Monday, April 17, 2006 11:41 AM by ieblog
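For readers without a Windows Vista build, the check described in the post can be approximated as follows. This is an added example, not code from the original post or from Microsoft: it sends a minimal TLS 1.0 ClientHello once without an extensions block and once with the RFC 3546 server_name extension, then compares the server's first reply. The function names, the two cipher suites offered and the result labels are assumptions made for this example.

```python
import os
import socket
import struct

def server_name_extension(host):
    """RFC 3546 server_name extension (type 0) carrying one host_name entry."""
    name = host.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type 0 = host_name
    name_list = struct.pack("!H", len(entry)) + entry
    return struct.pack("!HH", 0, len(name_list)) + name_list

def client_hello(host=None):
    """TLS 1.0 ClientHello record; the extensions block is sent only if host is given."""
    body = b"\x03\x01" + os.urandom(32)       # client_version 3.1, 32-byte random
    body += b"\x00"                           # empty session_id
    suites = b"\x00\x2f\x00\x0a"              # RSA/AES128-CBC-SHA, RSA/3DES-EDE-CBC-SHA
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                       # one compression method: null
    if host is not None:
        ext = server_name_extension(host)
        body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # 24-bit length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def classify(reply):
    if len(reply) < 6:
        return "hangup"                       # closed without sending a TLS record
    if reply[0] == 0x16 and reply[5] == 0x02:
        return "server_hello"
    return "alert" if reply[0] == 0x15 else "unexpected"

def probe(addr, port=443, sni=None, timeout=5.0):
    try:
        s = socket.create_connection((addr, port), timeout=timeout)
    except OSError:
        return "no_tcp"                       # port closed: not a TLS problem
    with s:
        try:
            s.sendall(client_hello(sni))
            return classify(s.recv(4096))
        except OSError:
            return "hangup"                   # reset after the ClientHello

def diagnose(plain, extended):
    if plain != "server_hello":
        return "inconclusive"
    return "ok" if extended == "server_hello" else "extension-intolerant"
```

Run it against your own server as `diagnose(probe(host), probe(host, sni=host))`. A server that no longer accepts TLS 1.0 or either offered cipher suite will answer both probes with an alert, which this check reports as inconclusive.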

Comments

# re: Windows Vista’s RFC-compliant TLS Extensions – Can your server handle them?

Monday, April 17, 2006 3:22 PM by JoshCh
Speaking of TLS, will IE7 support RFC 2817 to enable name based virtual hosting for SSL/TLS sites?

# re: Windows Vista’s RFC-compliant TLS Extensions – Can your server handle them?

Monday, April 17, 2006 4:33 PM by Frankster
The link to the networking team blog is a 404 :P

# re: Windows Vista’s RFC-compliant TLS Extensions – Can your server handle them?

Monday, April 17, 2006 4:39 PM by wndpteam
Frankster: Works for me...

# re: Windows Vista’s RFC-compliant TLS Extensions – Can your server handle them?

Monday, April 17, 2006 4:45 PM by ieblog
Frankster, try visiting the link from the blog entry and not an RSS feed.

There is an outstanding issue with the Connect site that the blog runs on where they are turning blogs.msdn.com links into relative links in the RSS and Atom feeds. Since you aren't on the site, that means the links don't work from an RSS reader.

They say it will be fixed soon as I had an exchange with them about it today.

- Al Billings [MSFT]

# re: Windows Vista’s RFC-compliant TLS Extensions – Can your server handle them?

Monday, April 17, 2006 4:46 PM by ieblog
That should be "Community Server" not "Connect." Shows you where my head is...

# re: Windows Vista’s RFC-compliant TLS Extensions – Can your server handle them?

Tuesday, April 18, 2006 9:16 AM by KJ
Microsoft folks being pedantic about RFC compliance?  And doing it with a straight face?  That's the first laugh-out-loud thing I've seen today....

# A change in standards compliance attitude

Tuesday, April 18, 2006 8:40 PM by straight_up
KJ, I know, it's not what most of us developers expect.

However, I'm glad Microsoft, specifically the IE team, is trying to turn over a new leaf and get serious about standards.

If they didn't, wouldn't we hate them later for it, when browsers following RFC to the letter "break" certain sites that were compatible with IE? --Just like happened with (X)HTML/CSS compliance?


Thanks for wanting to get it right this time, Microsoft.

# re: Windows Vista’s RFC-compliant TLS Extensions – Can your server handle them?

Tuesday, April 18, 2006 9:56 PM by Steven Roussey
Since we don't have a Windows Vista Beta 2 invitation code, perhaps you can set up a webpage that will test a site for a given domain name, and post that here.

# re: Windows Vista’s RFC-compliant TLS Extensions – Can your server handle them?

Wednesday, April 19, 2006 2:50 AM by EricLaw [MSFT]
@JoshCh: No, IE will not support 2817 for "upgrade" to SSL.  There are significant UI problems with the approach outlined in 2817 that make it less than ideal for a general purpose user-agent like a web browser.

In contrast, the Server Name Indicator approach specified in RFC3546 does not suffer from the same UI complications.  As such, IE7 on Windows Vista will support SSL virtual hosting using the TLS extension specified in RFC3546.

# re: Windows Vista’s RFC-compliant TLS Extensions – Can your server handle them?

Wednesday, April 19, 2006 11:46 AM by ieblog
Posting your home and cell phone number here is probably not a good idea, folks. We don't offer direct support via the blog. It just would not scale.

The software is a pre-Beta (not even a Beta). Please don't install it on a system that is critical for getting your work done. Wait for the final release of IE7 for that.

Al Billings [MSFT]

# re: Windows Vista’s RFC-compliant TLS Extensions – Can your server handle them?

Wednesday, April 19, 2006 3:46 PM by microzila
It sure won't scale. I just blogged about it at microzila and mozila and opera.

# re: Windows Vista’s RFC-compliant TLS Extensions – Can your server handle them?

Thursday, April 20, 2006 3:09 PM by Shawn Oster
Funny to hear Microsoft quoting RFCs considering how loose they played with standards when it came to CSS :)

Great to see Microsoft on the standards side of the fence this time!

# re: Windows Vista’s RFC-compliant TLS Extensions – Can your server handle them?

Thursday, April 20, 2006 5:34 PM by ieblog
Shawn,

The main issue with our CSS support is that we haven't released a full update in a long time. You should look at what the support was like when we did release and you'll see we were a front runner then. That doesn't change the fact that we do need to update things but there is a context.

Al Billings [MSFT]

# re: Windows Vista’s RFC-compliant TLS Extensions – Can your server handle them?

Thursday, April 20, 2006 8:13 PM by Bradley Smith
Unchecking the Use "TLS 1.0" did not work for me...

https://capitalcitydesign.net/  and  https://barkvineyards.com/

Server problem? Server is Apache 1.3.34 (Unix). The host refuses to upgrade Apache.

Thanks,
 Bradley Smith
 bradley@capitalcitydesign.net

# re: Windows Vista’s RFC-compliant TLS Extensions – Can your server handle them?

Thursday, April 20, 2006 9:45 PM by EricLaw [MSFT]
@Bradley: Do those HTTPS URLs work in ~any~ browser?  I cannot reach either of those sites using IE7 on XP, nor Opera and Firefox.

# re: Windows Vista’s RFC-compliant TLS Extensions – Can your server handle them?

Friday, April 21, 2006 1:08 AM by Rita Z
Bradley: Neither of these sites accepts TCP connections on the https port (443). I just checked it with netmon and they send RSTs back. This has nothing to do with either Vista or SSL negotiation. It just doesn't come to that point yet...

# re: Windows Vista’s RFC-compliant TLS Extensions – Can your server handle them?

Friday, April 21, 2006 12:55 PM by David Conrad
Paging Al Billings; Al, RuleZ023 posted comment spam, check the link.

While I'm here:

"The software is a pre-Beta (not even a Beta)."

So is that why you call it "Beta2"? Maybe you should call it Beta^-2, the square root of a Beta. Hint: there's another Greek letter before Beta that you could use to indicate pre-Beta, although I bet the marketing dept. wouldn't let you.

# re: Windows Vista’s RFC-compliant TLS Extensions – Can your server handle them?

Friday, April 21, 2006 1:12 PM by ieblog
We don't call it a Beta. Beta 2 isn't out yet. It's a preview hence the "Beta 2 Preview" name for it. It's a snapshot of our Beta 2 code in development.

Al Billings [MSFT]

# re: Windows Vista’s RFC-compliant TLS Extensions – Can your server handle them?

Friday, April 21, 2006 1:13 PM by ieblog
And as to why we don't call it an Alpha, it doesn't really make sense to have a build that comes out between Beta 1 and Beta 2 an Alpha does it? We've already had the official Beta 1 and we're in progress towards Beta 2, Alpha just doesn't apply.

Al Billings [MSFT]

# re: Windows Vista’s RFC-compliant TLS Extensions – Can your server handle them?

Friday, April 21, 2006 3:36 PM by Bradley Smith
EricLaw [MSFT] & Rita Z,

Thank you for your replies. It looks like my hosting company has screwed up... again. Anyone know of any decent hosts out there??

Bradley Smith
bradley@capitalcitydesign.net

# re: Windows Vista’s RFC-compliant TLS Extensions – Can your server handle them?

Friday, April 21, 2006 4:44 PM by Bradley Smith
EricLaw [MSFT] & Rita Z,

My hosting company fixed the HTTPS issue and the websites work in IE 7 with TLS 1.0 enabled. So Apache 1.3.34 does work (and I guess you can assume all newer versions as well (I can't vouch for prior versions)).

Bradley Smith
bradley@capitalcitydesign.net

# re: Windows Vista’s RFC-compliant TLS Extensions – Can your server handle them?

Sunday, April 23, 2006 8:46 AM by Buying Computers Tips
Our web hosting company is trying to deal with this as well. They seem to be ok for now. I'm keeping my fingers crossed.

Bradley Smith: I am also looking to switch web hosts. I would suggest going to a couple of web hosting forums because if you go to just one of them they could be biased. I am not putting the dot com part of the URL here - try webhostingtalk and webhostingforum for opinions.

# re: Windows Vista’s RFC-compliant TLS Extensions – Can your server handle them?

Sunday, April 23, 2006 9:01 AM by RuleZ023
My life's been pretty dull recently. Shrug. My mind is like a void. I haven't gotten anything done lately. I can't be bothered with anything recently.

# re: Windows Vista’s RFC-compliant TLS Extensions – Can your server handle them?

Sunday, April 23, 2006 11:46 AM by 公司法
I would suggest going to a couple of web hosting forums because if you go to just one of them they could be biased.

# re: Windows Vista’s RFC-compliant TLS Extensions – Can your server handle them?

Sunday, April 23, 2006 10:23 PM by John Lord
The last problem I ever had with TLS was when my bank switched to not allowing passwords in the URL and I had to select something different in the Advanced options.  I had no problem getting to the barkvineyard site with IE7B2 in XP. Going to some sites that don't recognize IE7, you may have to play tricks.  To get to www.CVS.com, you have to patch the registry to report IE7 as IE6 to fool their site.  I found that in the KB somewhere, but don't have the link.  IE7B2 seems to be working fine for me.

# re: Windows Vista’s RFC-compliant TLS Extensions – Can your server handle them?

Monday, April 24, 2006 6:17 AM by Seb
David Conrad: Beta^-2 is not the square root, that'd be Beta^0.5, get it right if you're going to be a pedant.

# re: Windows Vista’s RFC-compliant TLS Extensions – Can your server handle them?

Monday, April 24, 2006 5:26 PM by cooperpx
@ Al Billings

Microsoft has been very consistent with the naming of "IE7 Beta 2 Preview". But Microsoft doesn't control how people will repeat "Beta 2 Preview" in their blogs or articles or security release notices.

Look at your fav search engine and scan the entries. If it isn't a Microsoft article, you'll find that people will not repeat the "redundant" word "Preview" after "Beta".

"Snapshot" is a superior word, but it isn't great here either because you'd have to use a date next to it: "IE 7 Beta 2, May 2006 Snapshot". <--- looks not so good

Remember PKZIP 2.0g? Letter numbering was great back in its day. Told you how many kicks at the can you had to get a specific version ready. When you're done with the letters, replace it with a number.

IE7B1d <--- looks good to me
IE7B2  <--- looks good also

When Beta 2 actually comes out, I hope "Preview" will be dropped for a while so confusion will go away when the new posts arrive saying "IE7 Beta 2 ready for download".

# re: Windows Vista’s RFC-compliant TLS Extensions – Can your server handle them?

Tuesday, April 25, 2006 10:34 PM by Zorine Brodacz
I do not like it and would like my old internet explorer back.  How do I do that?

# re: Windows Vista’s RFC-compliant TLS Extensions – Can your server handle them?

Thursday, April 27, 2006 1:59 AM by EricLaw [MSFT]
@Zorine-- Sorry to hear you didn't like it.  Any suggestions?

Uninstalling IE7 is easy.  Go into your system Control Panel and choose Add or Remove Programs.  

# re: Windows Vista’s RFC-compliant TLS Extensions – Can your server handle them?

Friday, April 28, 2006 12:48 PM by Michael Newton
Good that SSL 2 is disabled by default (finally) but checking it brought up another question.

Do you have any plans to improve the UI in the Internet Options box?  A 50-item list of radio buttons and checkboxes is no fun to scroll through, especially when the container is non-resizable!  One of the many things that I love about Firefox is that many of the dialogs (which are static and modal in IE) are resizable and non-modal.

# re: Windows Vista’s RFC-compliant TLS Extensions – Can your server handle them?

Friday, April 28, 2006 9:43 PM by EricLaw [MSFT]
@Michael: Alas, no, we won't be doing much more with the Internet Options for the IE7 release.  We fixed some key scenarios, but we didn't have the time to do a major rearchitecture.  This is something that we'll be looking at for the next releases.

# Having Trouble with Vista RC1, IE7 and certain online HTTPS / SSL sites?

Friday, September 08, 2006 5:22 PM by Canadian IT Professionals
I've been asked this a couple of times by a number of people since RC1 came out. I experienced this myself...

# PatchLog » Blog Archive » TLS for HTTP

Monday, January 15, 2007 4:58 PM by PatchLog » Blog Archive » TLS for HTTP

# What is wrong with PayPal??? - WarriorForum - Internet Marketing Forums

# Server Name Indication » Zomaar…

Monday, September 15, 2008 1:55 PM by Server Name Indication » Zomaar…

# Windows 7 RC1 gets special Features

Sunday, April 26, 2009 9:23 PM by Windows 7 RC1 gets special Features

This build (7100.0.winmain_win7rc.090421-1700) was compiled last Tuesday and apparently has already started being distributed to OEM partners.
