Escapees website


Ron

I'm now thinking there is a problem with the Escapees SSL certificate and my web browser is just doing its job of trying to protect me. Any experts here that can shed a little more light on this?

While I don't consider myself to be the expert, I do have a pretty good background in data, logic, and troubleshooting, albeit a little bit out of date now. My reaction to your thought is that if true, why do so few users run into any problems? I have used IE, Firefox, Safari, and Chrome to access both the Escapee site and the Xscapers site, both with my HP running Windows 8.1 and with my Mac and no problems whatsoever. For that reason it still seems to me that the issue must be on your end.

Good travelin !...............Kirk

Full-time 11+ years...... Now seasonal travelers.
Kirk & Pam's Great RV Adventure


Chrome, Firefox, Konqueror on Linux and Chrome, IE on Windows are working fine here.

 

Know nothing about Apple stuff.

 

Is there any chance you are running an extension like HTTPS Everywhere or have a setting in your browser that does something similar?

First rule of computer consulting:

Sell a customer a Linux computer and you'll eat for a day.

Sell a customer a Windows computer and you'll eat for a lifetime.


I now know why I'm having trouble getting on the Escapees website. The “executive summary” is that the version of the Safari browser I’m using is not designed to support the encryption standards supported by the Escapees web server.

 

If anyone’s interested in the gory details continue reading.

 

I’m the sort of person that likes to understand the root cause of a problem rather than just bypass it somehow and get on with things. So yesterday I spent some time troubleshooting and understanding why I’m having this problem getting my Safari browser to connect to the Escapees website.

 

Starting with “first principles”:

The ONLY website I am having a problem with is Escapees.

Escapees has recently “overhauled” their website.

Before this overhaul I had no problems getting on the Escapees website.

 

Ergo, some change to the website left it incompatible with OSX/Safari. This actually was the right conclusion - but, what exactly was it that changed to cause the incompatibility, what is it about the Safari browser I’m using that is incompatible with this single website, and why are some others on this forum reporting that they are still able to use OSX/Safari without problems? Another member of the forum reported privately to me that she is using the same versions of OSX and Safari I’m using and has the same problem I'm having. This gave me some confidence that it wasn’t just some software or hardware “defect” with my particular system.

 

I discovered that the new website redirects all connections to be secure (i.e., https, encrypted). Prior to the overhaul I always communicated with the website using http. I've since learned that quite a few websites are now doing this (e.g., Wikipedia).

 

Use of https involves the use of “certificates” and certificates are known to cause problems if they aren’t properly dated, installed, approved, validated, etc.

 

So I spent quite a bit of time researching if my computer might have a problem with the certificate used by the website. This led to a discussion on the Apple Support Community forum where an expert had me try several experiments and possible fixes. The good news was I learned some new things about my computer and networking – the bad news is we were unable to solve the problem. In the end he advised I either upgrade my OS and Safari or use Firefox in place of Safari. He concluded that my version of Safari could not support this website and I can’t upgrade Safari unless I first update my OS to the latest version. I’m reluctant to upgrade my OS because there are still quite a few folks complaining about problems with the newest OS and I’d rather not do the upgrade and then find out I’ve fixed this problem in exchange for a few new ones.

 

At this point I was still thinking it had something to do with the certificates. I found a way to determine what company issued/signed the Escapees certificate and also look at the content of the certificate. There are several companies that provide this service – the Escapees certificate was provided by “Go Daddy”. I called the 24/7 support line at Go Daddy and explained the problem I was having. The help-line tech tried to get onto the Escapees website and had no problem. Then he tried it with his own personal Mac computer (rather than the company's computer) and experienced the same exact problem I was having. He then tried it on a co-worker’s non-company-owned computer and again had the same problem. He was quite surprised but had no explanation other than there might be some problem with the way the certificate was installed or configured on the host server. He said this is a problem that would have to be addressed by the Escapees' server administration techs.

 

I felt like I’d gone full circle and aside from learning a few things hadn’t made any progress in actually understanding or resolving the problem.

 

Earlier Travis reported: The problem is that in order to meet PCI compliance, the computer the store runs on cannot allow connections by SSL or TLS 1.0. PCI is an internet standard and the change appears to be fairly recent because we have not had this problem in the past.

 

Browsers that connect by using SSL or TLS 1.0 will be rejected. This has affected mostly Safari users but any browser not configured to connect using TLS 1.1 or 1.2 will not be able to connect.

 

Due to having to be PCI compliant, there is no workaround. The end user must be using a browser that is compatible. It is not a problem we can "fix" on our end other than moving the store to another computer. Even then the store computer would still have to be PCI compliant.

 

While I didn’t doubt what he was saying it just seemed extremely unlikely that my bank, credit card companies, brokerage, and the several other websites I frequent wouldn’t have also made this change, and rendered my browser incompatible. If indeed the PCI DSS (Payment Card Industry Data Security Standard) was mandating this why wouldn't ANY of these other companies have made the change? PCI makes these mandates to avoid known security issues and I assumed those other companies would be at least as interested in providing the latest in security as is the Escapees store – those big companies each have an "army" of IT folks and they have a lot more to lose!

 

I decided to try to understand more about PCI and the relevant encryption standards. That’s a science in itself. Here’s a very brief summary of what I “think I know”. “In the beginning” secure internet communications used a protocol/technique called “SSL” (Secure Sockets Layer). It is a standard way of encrypting the communication messages between the user’s computer (client) and the website's computer (server). The techniques used involve data “keys” - sort of like a pseudo random number that is used by an algorithm to convert open data messages into encrypted data messages. As computers became more powerful, and the security threats evolved, SSL was forced to evolve to make these encrypted messages more difficult to “crack”. The original SSL has evolved to TLS (Transport Layer Security) over time through the following versions: SSL 1.0, SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2.

 

TLS 1.0 was introduced in 1999 and is still widely used on the internet. TLS 1.1 (2006) and 1.2 (2008) came about in response to “man in the middle” and “BEAST” threats. Although these threats and the encryption upgrades to address them have been available for several years, nearly all websites still allow the use of TLS 1.0. Recently PCI has recommended (mandated?) that all new website implementations allow the use of ONLY TLS 1.1 and 1.2 and furthermore they must stop using any version of SSL and TLS 1.0 (and perhaps even TLS 1.1) by June 30, 2016. Since PCI audits of a secure website must meet this requirement after June 30, 2016 I expect that all of those secure websites I use will stop supporting TLS 1.0 sometime over the next year.

 

I found a software tool that allowed me to test any website to determine which encryption standards it allowed and which ones it does not allow. I found that all the secure websites I use still support TLS 1.0 except for the Escapees website which only supports TLS 1.1 and 1.2. Further research indicated that the version of Safari I’m using supports TLS 1.0 but not TLS 1.1 or TLS 1.2. Newer versions of Safari do support TLS 1.1 and TLS 1.2.

 

Other folks that are using any one of several popular web browsers that are not the latest version might well run into this same problem. This website has a comprehensive list of browsers vs. encryption standards supported that might be of interest. The table also shows the vulnerability of those browsers to various threats.

 

For the time being I’ve downloaded the latest version of Firefox for Mac. It is compatible with the Escapees website so I’ll use it just for that. Before too long I’ll probably update my OS and Safari.

 

Good for Escapees - they are out there on the forefront of technology allowing only the latest/greatest encryption technology on their new website!

 

 

Ron Engelsman

http://www.mytripjournal.com/our_odyssey

Full-Timing since mid 2007

23' Komfort TT

2004 Chevy Avalanche 4x4 8.1L
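
The per-version check and the failed negotiation described in the post above, as an added example that is not part of the original post and is not the tool Ron used. The function names and the sample version sets are assumptions constructed from the thread; the live probe runs only when a hostname is passed on the command line.

```python
import socket
import ssl

# Protocol versions discussed in the thread, oldest first.
VERSIONS = [
    ("TLS 1.0", ssl.TLSVersion.TLSv1),
    ("TLS 1.1", ssl.TLSVersion.TLSv1_1),
    ("TLS 1.2", ssl.TLSVersion.TLSv1_2),
]

def server_accepts(host, version, port=443, timeout=5.0):
    """Attempt one handshake pinned to a single protocol version."""
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False       # testing protocol support only,
        ctx.verify_mode = ssl.CERT_NONE  # not validating the certificate
        ctx.minimum_version = version
        ctx.maximum_version = version
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except (ssl.SSLError, OSError, ValueError):
        # Refused by the server, or the local OpenSSL build no longer
        # offers this version: a False for TLS 1.0/1.1 can be either.
        return False

def probe(host, port=443):
    """Return the version names the server completed a handshake with."""
    return {name for name, v in VERSIONS if server_accepts(host, v, port)}

def negotiate(client_versions, server_versions):
    """Highest version both sides support, or None (handshake fails)."""
    common = set(client_versions) & set(server_versions)
    for name, _ in reversed(VERSIONS):
        if name in common:
            return name
    return None

# Constructed inputs matching the thread: the store accepts only TLS 1.1/1.2,
# the old Safari offers only TLS 1.0, a current browser offers all three.
STORE = {"TLS 1.1", "TLS 1.2"}
OLD_SAFARI = {"TLS 1.0"}
CURRENT_BROWSER = {"TLS 1.0", "TLS 1.1", "TLS 1.2"}

if __name__ == "__main__":
    import sys
    print("old Safari  ->", negotiate(OLD_SAFARI, STORE))
    print("new browser ->", negotiate(CURRENT_BROWSER, STORE))
    if len(sys.argv) > 1:  # optional live check: python probe.py <hostname>
        print(sys.argv[1], "accepts", sorted(probe(sys.argv[1])))
```
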


 

 

Good for Escapees - they are out there on the forefront of technology allowing only the latest/greatest encryption technology on their new website!

 

 

 

Thank you Ron and Elena. When we updated the site we happened to hit the new changes right after they became the new standard. While it may cause some issues for some users until this issue gets updated across the web, security is one of our biggest priorities.


  • 2 weeks later...

I emailed the Escapees about not being able to get onto the new website. The response was:

Thank you for your e-mail. I sent your e-mail to the IT department and this is the response they sent me. Have a blessed day!!!!

I’m sorry that you are having problems accessing the Escapees website. In most cases, this disconnect is being caused by a browser compatibility issue. Without getting too technical, here’s what is going on.

In April 2015, a new security standard was implemented by our credit card processing company. This industry-wide change essentially blocks secure connections from web browsers that use older/outdated security protocols. In order for the Escapees website to be in compliance with this new industry standard (and to maintain the security of our website and your personal information), we must implement this new standard. Over the course of the next 12 months, many other websites and internet-based businesses will be required to adopt this enhanced security standard.

Many of the common web browsers have already been updated to accommodate this change. The current versions of Internet Explorer, Firefox and Google Chrome all support the new standards. Unfortunately, the current desktop and tablet versions of Safari do not. This means that many Macintosh users will not be able to access any website that has implemented the new security standard.

Currently, there is no estimate on when Safari will be updated to support the new standards. As an interim solution, Mac users can download either Firefox or Chrome. Both are free, easy to use, and support the new security standard.

The Escapees club wants all of our members to be able to access our website easily. If there was some way for us to fix this issue on our end, we would have already done so! However, we are required to implement this new security standard if we want to operate our online store and continue to process credit cards. Since we can’t change the industry requirement, the only way that members will be able to access our site is with a compliant browser. If you are unable to access escapees.com, please consider either updating your current browser, or downloading a compliant browser, like Chrome or Firefox.

Chrome: https://www.google.com/chrome/browser/desktop/index.html

Firefox: https://www.mozilla.org/en-US/

 

Sherri Burks

General Manager

Escapees RV Club

1 888 757-2582

----------------------------------------

Not a viable solution since I refuse to use Chrome and have no need / desire to switch browsers, Opera being my choice.

Finally, after reading Ron and Elena’s post, I did a search on Opera and TLS 1, TLS 1.1, TLS 1.2 and found a simple answer.

Opera tools > Preferences > Advanced > Security > Security Protocols. Check enable TLS 1, TLS 1.1 and TLS 1.2 > OK. Everything works now!

I don’t know whether other browsers have anything similar, but it might be worth checking. I could have saved several weeks of frustration had this information been included initially, instead of being told that I would have to switch to Chrome.


Archived

This topic is now archived and is closed to further replies.
