[TriLUG] iPad SSL site oddity
Matt Flyer via TriLUG
trilug at trilug.org
Tue May 9 17:08:57 EDT 2017
On Tue, 2017-05-09 at 10:52 -0400, Roger wrote:
> Browsers are notorious for not complying with standards for web
> pages. Maybe it's Safari's fault.
> --
> Roger Broseus
>
Apple, or as I call them Fruit, products seem to be especially
notorious for not following standards. Email issues related to which
port to use 25 or 587 with TLS or SSL comes readily to mind. I've had
more issues getting email to work on the stupid thing than anything
else.
On Tue, 2017-05-09 at 10:42 -0400, Tim Jowers wrote:
> iOS 10 enforced newer SSL protocols, IIRC. Its a big pain in the butt
> but Apple bows to no man, not even their customers. I forget the
> exact name but there are some websites you can point at your website
> to see vulnerabilities, and those listed will be things you have to
> upgrade.
>
> Cheers,
> Tim
>
This is one thing that was weird. I only enable to newer SSL protocols
(mostly TLS), forbid the SSL2, SSL3, and then suggest the ciphers in
order of starting with maximum strength as I'm not concerned about
speed as the number of connections is so low.
It's still really wierd that until I named the virtual host rather than
making it the default via the IP address, that the newer Fruit machine
would refuse to connect. I've been noticing a trend, and I am not
impressed with it, that browsers are starting to refuse the ability to
override them when they deem that your connection isn't secure. For
example, the old "hotmail.com" in Firefox, won't let you accept the
certificate on the original domain and made you go to "live.com". It
appears they've added a redirect but this changed a few days ago and in
the interim Firefox refused to allow an override. I really dislike
when some programmer somewhere decides they know better what I want to
do or feels the need to protect me from myself. I don't need to be
nannied.
It used to be the old joke applied: Apple does what Apple wants (very
true), Linux does what the programmer wants (often times true, but that
seems to be changing) and Windows does whatever the F--- it wants.
More information about the TriLUG
mailing list