I’m going to try to see if I can capture where we are: At least one person got stuck because AIR on Windows uses IE/OS settings that needed tweaking otherwise it blocked an HTTPS download. Yet of the list of common failures, many others failed after getting past at least two HTTPS downloads.
We have several votes to not use https at all. There is still a chance that now or someday, some download that first attempts http will fail or be redirected to https. We have an option to replace URLLoader with an AS3 native HTTP implementation. AIUI, there is a chance that will just solve everything and we won’t need to care about HTTP vs HTTPS any more. Can someone confirm? A new idea that popped into my head is having a checkbox in the Installer where you can select to use HTTPS. Is that practical? IMO, we’d default to HTTP and folks who are concerned would opt in to HTTPS. What do others think? IMO, for 3.2 we should just do the swap of an AS3 native HTTP implementation and not switch our urls to HTTP or add some checkbox. Then we can get better data on how many problems that change solved or if it introduces new issues. Not that I’m volunteering to do that work. -Alex On 2/5/15, 6:06 AM, "Kessler CTR Mark J" <mark.kessler....@usmc.mil> wrote: >+1 to http vs https. > >-Mark > >-----Original Message----- >From: omup...@gmail.com [mailto:omup...@gmail.com] On Behalf Of OmPrakash >Muppirala >Sent: Wednesday, February 04, 2015 11:11 AM >To: dev@flex.apache.org >Cc: Paul Hastings >Subject: Re: [Installer - FLEX-34251] Is SSK needed for load installer >config? > >On Feb 4, 2015 8:09 AM, "Alex Harui" <aha...@adobe.com> wrote: >> >> Another question for you guys, since I don’t have any expertise in this >> area, would we in fact skirt around this by hitting http for more of our >> downloads instead of https? >> > >+1 to hitting http by default. > >Thanks, >Om > >> -Alex >> >> On 2/4/15, 8:05 AM, "Paul Hastings" <paul.hasti...@gmail.com> wrote: >> >> >On 2/4/2015 10:52 PM, Nicholas Kwiatkowski wrote: >> >> Anything Vista+/Mac OS10.4+ has TLS turned on by default. It was >>made >> >> available in XP, if you turned it on. >> > >> >1.0 was on by default, 1.1 & 1.2 (guess the culprit here) weren't. >> > >>
