lotus

previous page: 6.1.2) I just downloaded a newly released version of Netscape's browser and my bank's server tells me my browser does not have adequate security. What's wrong?
  
page up: Secure Sockets Layer Discussion List FAQ
  
next page: 6.1.4) Do Netscape's browsers cache data on disk that has been received via https?

6.1.3) I downloaded a version of Netscape's browser that is newer than version 4.05. Now, when I go to certain https web sites that used to work for me (like my bank) I get an error message telling me that "Netscape has received bad data from the server." I've been told the problem is with SSL v3 in my new browser, and that I should disable SSL v3 in my browser. What's wrong with SSL v3 in these new browsers? Should I disable it?




Description

This article is from the Secure Sockets Layer Discussion List FAQ, by Shannon Appel SAppel@consensus.com with numerous contributions by others.

6.1.3) I downloaded a version of Netscape's browser that is newer than version 4.05. Now, when I go to certain https web sites that used to work for me (like my bank) I get an error message telling me that "Netscape has received bad data from the server." I've been told the problem is with SSL v3 in my new browser, and that I should disable SSL v3 in my browser. What's wrong with SSL v3 in these new browsers? Should I disable it?

Newer versions of Netscape's browsers enforce the legal export
control requirements of the SSL v3 specification and will not work
with servers that violate the export control provisions of the SSL v3
specification.

Some SSL servers do not properly follow the SSL v3 specification's
requirements for the U.S. Government's export control regulations.
Netscape's server products, and most other brands of server products,
conform to the specification, but a few others do not.

We strongly advise you to NOT disable SSL v3 in your browser. If you
do disable SSL v3, you lose the extra security protections of SSL v3
with ALL the https web sites you visit. By keeping SSL v2 and v3
enabled in your browser, you get the best protection each site can
provide.

Please ask the failing web site to upgrade to conforming servers.

Web sites whose servers violate the specification have several
options at their disposal, including falling back on the less secure
SSL v2, by disabling the non-conformant SSL v3 in their servers, or
replacing their servers with servers that conform to the SSL v3 spec.

 

Continue to:













TOP
previous page: 6.1.2) I just downloaded a newly released version of Netscape's browser and my bank's server tells me my browser does not have adequate security. What's wrong?
  
page up: Secure Sockets Layer Discussion List FAQ
  
next page: 6.1.4) Do Netscape's browsers cache data on disk that has been received via https?