TLS: How to detect if a browser supports it?

rascal
rascal used Ask the Experts™
on
Our website has an SSL certificate installed by TrustWave that is causing browsers without TLS security enabled, to fail.

This just started happening today (July 3, 2010). Our concern is that visitors to our site will not be able to purchase products because their browser will fail to load the page (there is no error message indicating that's the problem when using FireFox, IE does hint at it if you expand the diagnostics but how many users would understand it?)

QUESTION: Is it possible for our website to detect is a browser does not have TLS enabled before they get to our secure page, so that we can warn them in advance?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Dave BaldwinFixer of Problems
Most Valuable Expert 2014

Commented:
It should allow browsers with just SSL to connect.  ??

Author

Commented:
nope, doesn't.
Only when I enable TLS does it work, even though SSL 1 and 2 are enabled.
Fixer of Problems
Most Valuable Expert 2014
Commented:
TrustWave said it supports SSL3.0 and TLS1.0.  That's what my copy of Firefox supports also.  IE8, Safari also.  Google Chrome let's you enable SSL 2.0 but SSL 3.0 dates from 1999 I believe.  Google thinks that they know what's best and don't want to talk about it.
How to Generate Services Revenue the Easiest Way

This Tuesday! Learn key insights about modern cyber protection services & gain practical strategies to skyrocket business:

- What it takes to build a cloud service portfolio
- How to determine which services will help your unique business grow
- Various use-cases and examples

Author

Commented:
I am running the current version of Chrome as well, but it doesn't load the page. I have IE8, but unless I explicitly turn on TLS in the advanced tools settings, the page doesn't load.
This only began today (July 3) so I can only assume that the certificate authority has somehow changed how they manage the security, in a way that causes problems.
I created a simple test page called test.htm in the root of the site, and put one word in it: "Test".
Give this a try and see if you are able to view it in your Chrome browser:

https://www.queenofseattle.com/test.htm
 
Dave BaldwinFixer of Problems
Most Valuable Expert 2014

Commented:
IE8 has the problem you mentioned but Chrome 5 loads fine even with SSL 2.0 unchecked.  IE6 (TLS on), Safari, Opera and Flock work fine too.
Distinguished Expert 2017

Commented:
Check your web server configuration to make sure it is configured to handle both SSL and TLS connections.
Post what your web server is, IIS, apache, websphere, etc.

Author

Commented:
The web server is a shared hosting plan at Hosting.com, but it is a windows IIS running a virtual machine.
Distinguished Expert 2017
Commented:
They have to check the web server configuration to make sure it supports both SSL and TLS.

Have them look at:
http://support.microsoft.com/kb/187498 and by extention
http://support.microsoft.com/kb/245030/

Author

Commented:
If I enable TLS on my browser, and then it works, doesn't that mean that the web host also supports it?
Dave BaldwinFixer of Problems
Most Valuable Expert 2014

Commented:
Yes but it doesn't mean that SSL is setup properly which is supposed to be the alternative.  It is an SSL certificate.  ??
Distinguished Expert 2017

Commented:
It is not the issue with whether the web host also supports it, the web server should support connection using both ssl 2.0 and TLS 1.0.

I have had a similar discussion before within EE dealing with a similar issue.
http://www.experts-exchange.com/Software/Server_Software/Application_Servers/Java/BEA_WebLogic/Q_26187222.html?cid=1065

The TLS/SSL is the first step to establish a connection between a clients browser and the web server.  IF any failure occurs during this step no connection is establish and no information can be exchanged between the client and the server.

The issue is the result of a misconfiguration of the web server by the host and can only be corrected by the host.

The end user can of course enable TLS under the internet options\advanced but similar modifications have to be  made within whatever browser the client might prefer.

The issue might be that some clients are still using the older vesion of browser that might not support TLS.

Unless you plan on helping each client currently having a problem to adjust their browser's configuration to enable TLS, make sure your host provider makes the adjustment to allow either TLS or SSL connections.

Author

Commented:
The web host would only say that it was their fault and that they had misconfigured their web server.

Appreciate all the help!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial