On Feb 4, 2015 5:33 PM, "Alex Harui" <aha...@adobe.com> wrote: > > Sounds reasonable. > > The AIR downloading code via URLLoader just seems sensitive. Do we know > if we use AIR sockets and build our own http download protocol on top if > it will bypass the IE libraries underneath?
Yes, it will. I use the as3httpclient in my projects and it should work fine and bypass any browser based settings. Thanks, Om > > -Alex > > On 2/4/15, 11:03 AM, "Nicholas Kwiatkowski" <nicho...@spoon.as> wrote: > > >An option we could use is to try https first. If it fails, present the > >user to drop down to http. This should take care of all use cases, yet > >still allow the user control the security level... > > > >-Nick > > > >On Wed, Feb 4, 2015 at 12:02 PM, Alex Harui <aha...@adobe.com> wrote: > > > >> In another thread, I think Tom C says we should be using https to > >>deliver > >> all of our bits, which we aren’t today. What do folks think? > >> > >> -Alex > >> > >> On 2/4/15, 8:37 AM, "Alex Harui" <aha...@adobe.com> wrote: > >> > >> >I thought the change to http was going to be in the > >> >sdk-installer-config-4.0.xml file but it turns out it isn’t. When the > >> >artifact is coming from the mirrors, the Installer uses https to get > >>MD5 > >> >and the apache-flex-sdk-installer-config.xml file. Should we use http > >>to > >> >get the MD5s as well? If so, that is a simple change we can test in > >>the > >> >nightly builds. > >> > > >> >-Alex > >> > > >> >On 2/4/15, 8:12 AM, "Erik de Bruin" <e...@ixsoftware.nl> wrote: > >> > > >> >>+1 here as well, especially since that would be an 'easyfix' ;-) > >> >> > >> >>EdB > >> >> > >> >> > >> >> > >> >>On Wed, Feb 4, 2015 at 5:11 PM, OmPrakash Muppirala > >> >><bigosma...@gmail.com> wrote: > >> >>> On Feb 4, 2015 8:09 AM, "Alex Harui" <aha...@adobe.com> wrote: > >> >>>> > >> >>>> Another question for you guys, since I don’t have any expertise in > >> >>>>this > >> >>>> area, would we in fact skirt around this by hitting http for more > >>of > >> >>>>our > >> >>>> downloads instead of https? > >> >>>> > >> >>> > >> >>> +1 to hitting http by default. > >> >>> > >> >>> Thanks, > >> >>> Om > >> >>> > >> >>>> -Alex > >> >>>> > >> >>>> On 2/4/15, 8:05 AM, "Paul Hastings" <paul.hasti...@gmail.com> > >>wrote: > >> >>>> > >> >>>> >On 2/4/2015 10:52 PM, Nicholas Kwiatkowski wrote: > >> >>>> >> Anything Vista+/Mac OS10.4+ has TLS turned on by default. It > >>was > >> >>>>made > >> >>>> >> available in XP, if you turned it on. > >> >>>> > > >> >>>> >1.0 was on by default, 1.1 & 1.2 (guess the culprit here) weren't. > >> >>>> > > >> >>>> > >> >> > >> >> > >> >> > >> >>-- > >> >>Ix Multimedia Software > >> >> > >> >>Jan Luykenstraat 27 > >> >>3521 VB Utrecht > >> >> > >> >>T. 06-51952295 > >> >>I. www.ixsoftware.nl > >> > > >> > >> >
