Hello -

I wrote a quick app this morning to fill a need and used my usual SSL server and recycled my usual authentication scheme. For whatever reason, I tested it in Chrome which freaked out and gave me a security warning. It ensured that my SSL certificate was fine and trusted, however, it flagged the page with this:

-----------

Your connection to [MY_HOST] is encrypted with 256-bit encryption. However, this page includes other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the behavior of the page.

The connection uses TLS 1.0.

The connection is encrypted using AES_256_CBC, with SHA1 for message authentication and DHE_RSA as the key exchange mechanism.

The connection is not compressed.

The server does not support the TLS renegotiation extension.

-----------

No warnings are ever given in Safari or Firefox. If people start using Chrome, I don't want them to be scared. :)


Patrick

#############################################################
This message is sent to you because you are subscribed to
the mailing list Lasso
Lasso@lists.lassosoft.com
To unsubscribe, E-mail to: <Lasso-unsubscribe@lists.lassosoft.com>
Send administrative queries to <Lasso-request@lists.lassosoft.com>