I am developing a FireFox extension when I do xhr to the Secure server , particularly POST a data it gives a status 500, and following mesage: 开发者_StackOverflow
onsip.highrisehq.com : server does not support RFC 5746, see CVE-2009-3555
How can I by pass by It? I assume that this is because of the Server misconfiguration, but I can't wait till someone from 37 signal will fix it. thanks for your help
Well - "see CVE-2009-3555". Basically it's a server side vulnerability which might allow to compromise a TLS/SSL session.
I'm not sure there's anything you can do on the client side to resolve this, until 37signals update their servers.
This is sort of a hack, but another option (instead of the XHR request) is a "hidden" (1px by 1px) IFRAME. It's not pretty, but I've used it in situations where I had (different) problems with the XHR route (and there might even be a way to hide it entirely, but the 1px/1px works for me so I've never bothered to try anything else).
Just change the frame's src attribute to "make a request", then view it's document to read the "response".
精彩评论