hwg-techniques archives Dec 2001 new search results previous next

Re: SSL Difficulties with older browsers

by "rudy" <r937(at)interlog.com>

 Date:  Tue, 4 Dec 2001 08:51:21 -0500
 To:  "Paul Wilson" <webguroo(at)tampabay.rr.com>,
<hwg-techniques(at)hwg.org>
  todo: View Thread, Original 
>... we are getting calls from customers with older browsers.
> They say that their browser states it's an unsecure site.  Any ideas?

hi paul

i think you'll get that problem with all older browsers

one way is to throw up a popup window that warns visitors prior to them
seeing the browser's security alert

here's the way i did it where i used to work --

<h3>Please Upgrade Your Web Browser</h3>
<p>You are about to enter XYZ company's secure web site.</p>
<p>However, you are using an older browser
which includes a security component called
a <a href="http://www.verisign.com/server/cus/rootcert/faq.html">
Root CA Certificate</a> that expired on December 31, 1999.</p>
<p>Your options are:</p>
<ol>
<li><a href="http://www.microsoft.com/IE"  target="iedownload">
download latest version of Internet Explorer</a></li>
<li><a href="http://www.netscape.com/download" target="browserupgrade">
download latest version of Netscape Communicator</a></li>
<li>proceed to enter anyway (it's safe but you will receive a warning)</li>
</ol>
<p>If you choose to proceed, your browser will give you a dialog box
with a warning message and ask you to Continue or Cancel --
simply click Continue.  <b>You will continue to have secure connections
and your personal information will remain as safe and secure as it was
before.</b> The dialog box will appear again each time you access the
XYZ company web site using an older browser.</p>
<div align=center>
<form onSubmit="self.close()">
<input type=submit value="Proceed">
</form>
</div>

in order to launch this popup window, here's the javascript browser sniff i
was using --

function browsersniff() {
  if (already==1) return;
  var browserName = navigator.appName;
  var browserRealnum = navigator.appVersion;
  var browserParsed = browserRealnum.substring (0,4);
  if (browserParsed == "3.0 ") browserParsed = 3.0;
  if (browserName.indexOf("WebTV") != -1) return;
  var oops=0
  if (browserName == "Netscape" && browserParsed < 4.06)  oops=1
  else if (browserName == "Microsoft Internet Explorer"
        && browserRealnum.indexOf ("Mac") != -1) {
         var ieVer =
browserRealnum.substring(browserRealnum.indexOf("MSIE")+5,

browserRealnum.indexOf("MSIE")+9);
         if (ieVer <= 4.01)  oops=1  }
  if (oops == 1)
     var newWin =
window.open("certwarning.html","cert","width=460,height=470");
  already=1
  }

the key info here is the browser version numbers that contain older
certificates

i triggered this function using onmouseover on each link that led to a
secure page

set already=0 in the <head> so they only get the popup once on each page


hope that helps

rudy

HWG hwg-techniques mailing list archives, maintained by Webmasters @ IWA