none
SplitSSL vs Mixed Zone

    Вопрос

  • Hi folks.

    This is quite a tricky problem; I'll try to be as clear as possible.

    I think it may be an issue with SplitSSL and Mixed Zones.

    Using: Windows 7, IE8 or IE9.

    We installed the SplitSSL hotfix/patch when it was released (February?). This seemed to break a website for payments. We are aware of the information out there regarding SplitSSL; to ensure it is on all severs that require it (which it is). We know we can disable it using the registry, but we want to keep it enabled.

    We present a payment page through our intranet (payments.oursite.com). *.oursite.com is regarded as an intranet zone (zone 1).

    However, this passes data to the secure payment servers held off site (paynow.oursite.com). Although this server has our domain name, it is held outside our Class B network. It does have an alias set in DNS.

    If I attempt to set both sites (payments.oursite.com and paynow.oursite.com) to intranet zone, IE says that it's intranet but the webpage doesn't work correctly. If I set payments.oursite.com to intranet, but paynow.ouriste.com to trusted zone, it says mixed and still doens't work. If I set both to trusted zone, then it works fine (but we lose the intranet functions, such as SSO etc).

    Can anyone shed any light on this?

    I'm thinking that SplitSSL may have issues when dealing with a mixed zone (me be "on purpose" for security reasons), but I suppose our main problem is getting the paynow.oursite.com being recognised as the intranet zone, which it is not.

    Thanks.


    • Изменено MrBeatnik 11 июня 2012 г. 15:49
    11 июня 2012 г. 15:39

Ответы

  • Problem appeared to be TLS 1.0

    Turning TLS 1.0 off (good idea) and leaving 1.1/1.2 enabled made it all work.

    Although, it DOES work with 1.0 on other machines, so I'm guessing that a patch combination with 1.0 is causing the problem.

    In any case, this is a resolution for us.

    • Помечено в качестве ответа MrBeatnik 3 августа 2012 г. 14:59
    3 августа 2012 г. 14:58

Все ответы