Sounds reasonable. The AIR downloading code via URLLoader just seems sensitive. Do we know if we use AIR sockets and build our own http download protocol on top if it will bypass the IE libraries underneath?
-Alex On 2/4/15, 11:03 AM, "Nicholas Kwiatkowski" <nicho...@spoon.as> wrote: >An option we could use is to try https first. If it fails, present the >user to drop down to http. This should take care of all use cases, yet >still allow the user control the security level... > >-Nick > >On Wed, Feb 4, 2015 at 12:02 PM, Alex Harui <aha...@adobe.com> wrote: > >> In another thread, I think Tom C says we should be using https to >>deliver >> all of our bits, which we aren’t today. What do folks think? >> >> -Alex >> >> On 2/4/15, 8:37 AM, "Alex Harui" <aha...@adobe.com> wrote: >> >> >I thought the change to http was going to be in the >> >sdk-installer-config-4.0.xml file but it turns out it isn’t. When the >> >artifact is coming from the mirrors, the Installer uses https to get >>MD5 >> >and the apache-flex-sdk-installer-config.xml file. Should we use http >>to >> >get the MD5s as well? If so, that is a simple change we can test in >>the >> >nightly builds. >> > >> >-Alex >> > >> >On 2/4/15, 8:12 AM, "Erik de Bruin" <e...@ixsoftware.nl> wrote: >> > >> >>+1 here as well, especially since that would be an 'easyfix' ;-) >> >> >> >>EdB >> >> >> >> >> >> >> >>On Wed, Feb 4, 2015 at 5:11 PM, OmPrakash Muppirala >> >><bigosma...@gmail.com> wrote: >> >>> On Feb 4, 2015 8:09 AM, "Alex Harui" <aha...@adobe.com> wrote: >> >>>> >> >>>> Another question for you guys, since I don’t have any expertise in >> >>>>this >> >>>> area, would we in fact skirt around this by hitting http for more >>of >> >>>>our >> >>>> downloads instead of https? >> >>>> >> >>> >> >>> +1 to hitting http by default. >> >>> >> >>> Thanks, >> >>> Om >> >>> >> >>>> -Alex >> >>>> >> >>>> On 2/4/15, 8:05 AM, "Paul Hastings" <paul.hasti...@gmail.com> >>wrote: >> >>>> >> >>>> >On 2/4/2015 10:52 PM, Nicholas Kwiatkowski wrote: >> >>>> >> Anything Vista+/Mac OS10.4+ has TLS turned on by default. It >>was >> >>>>made >> >>>> >> available in XP, if you turned it on. >> >>>> > >> >>>> >1.0 was on by default, 1.1 & 1.2 (guess the culprit here) weren't. >> >>>> > >> >>>> >> >> >> >> >> >> >> >>-- >> >>Ix Multimedia Software >> >> >> >>Jan Luykenstraat 27 >> >>3521 VB Utrecht >> >> >> >>T. 06-51952295 >> >>I. www.ixsoftware.nl >> > >> >>
