Greg Thompson Greg Thompson - 1 month ago 9
Javascript Question

Page throws TLS error instead of loading

I've researched this up the wazoo but to no avail. I have a page internally that requires TLS 1.1 or 1.2. If they're not on, you get an error:


This page can’t be displayed

Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try
connecting to https://SITEADDRESS again. If this error
persists, it is possible that this site uses an unsupported protocol
or cipher suite such as RC4 (link for the details), which is not
considered secure. Please contact your site administrator.


Obviously the fix is to turn on those cipher suites in IE. However what I would like to put into the page is a check, to preload something from the site, make sure it's visible/readable/loadable/whatever, then allow the user to move forward, OR, if whatever it is I'm checking cannot be rendered/read/etc, direct them elsewhere.

So what I've tried was doing a PHP file_get_contents of the SAME address

<?php
$contents = file_get_contents('https://SITEADDRESS');
echo "<pre>";
var_dump($contents);
echo "</pre>";
?>


However, it ends up being able to pull the page code and dump it out?!?!!? Which means it CAN access the page, yet, I know it can't because I get a TLS error when trying to load it normally.

The question is, how can I precheck a URL with TLS as a consideration before forwarding the user on to a page that might not render?

Answer

It appears you're mixing server-side and client-side.

I assume PHP is running server-side, and it definitely will not be affected by IE's (which I'm assuming is running client-side) choice of ciphers.

If that doesn't make sense, let me know and I'll give further utterance...

If I'm understanding correctly, you want your own logic running on the client (IE) to detect if the client (IE) can reach the URL.

You could try firing an asynchronous request via Javascript (e.g. https://api.jquery.com/jquery.get/ )

YMMV, I'm not sure if IE will pass the TLS error into your Javascript code or not. Assuming it does, you should be able to at least handle any error events (arising from the Javascript HTTP request) and assume the client should not try to proceed.

Comments