[Discuss] Are there any SSL certificate authorities that don't cost a king's ransom?
Bill Bogstad
bogstad at pobox.com
Mon Jul 29 09:02:50 EDT 2013
On Mon, Jul 29, 2013 at 7:54 AM, Edward Ned Harvey (blu)
<blu at nedharvey.com> wrote:
>> From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss-
>> bounces+blu=nedharvey.com at blu.org] On Behalf Of Tom Metro
>>
>> [Dreamhost] don't yet support Server Name Indication
>
> Even if they did support SNI, the reason people generally can't use SNI right now is because IE on WinXP doesn't support it. SNI will take over someday, and I use it now, but generally customer facing applications cannot use it yet.
>
>
>> 1. http://en.wikipedia.org/wiki/Server_Name_Indication
>
> Yup, on that page, they list some platforms that don't support it. Of which, all you have to say is "IE on XP" and it's already game over as far as deploying SNI on your server right now.
I'm sure you already know, but the date is April 8, 2014
http://windows.microsoft.com/en-us/windows/products/lifecycle
At that point, just redirect to a page that informs the user that they
are running an insecure browser on an operating system which is no
longer receiving security fixes. You won't take their money because
you are concerned that you can't prevent fraud. (i.e. You are doing
it to protect them not make things easier/cheaper for you. :-)
In the meantime, you might put a coundown clock on your web site:
http://www.gieson.com/Library/projects/utilities/countdown/
Bill Bogstad
More information about the Discuss
mailing list