In window Vista OS, several new behaviors have been introduced in the area of security and user experience for HTTPS connections, they are:

1. HTTPS certificate
IE7 will block navigation to HTTPS sites that present a digital certificate that has any of the following problems:
a. Certificate was issued to a hostname other than the current URL's hostname
b. Certiifcate was issuedby an untrusted root
c. Certificate is expired
d. Certificate is revoked.

Upon encountering a certificate problem, IE7 presents an error page that explains the problem with the digital certificate. The user may choose to ignore the warning and proceed in spite of the certificate error (unless the certificate was revoked). If the user clicks through a certificate error page, the address bar will floodfill with red to serve as a  customer  notification of the problem.

2. Mixed-Content prompt
User will no longer see the so-called Mixed-Content prompt, which read: This page contains both secure and nonsecure items. Do you want to see the nonsecure items? IE7 renders only the secure content and offers the user the opportunity to unblock the nonsecure content using the Information Bar.

3. New default protocol mode.
In IE7 of window Vista, the default HTTPS protocol setting will be changed to disable the weaker SSLv2 protocol and to enable the stronger TLSv1 protocol.

With above changes in IE7 of Window Vista, the user of our Java plugin will see different behavior to run their applet, so we have to address them accordingly.
Posted Date : 2006-04-04 14:58:16.0

N/A

The issue #3 has been fixed in bug #6409286, the other two issues is new design of IE7, we have to accept it, we will explain these in our release doc.
Posted Date : 2006-04-07 19:58:36.0