>I'm confused.... SSL 3.0 does not necessarily need a client cert - does it? >The connection would still use the public key right? Are you saying that >Auth.net is requiring you to specify the client cert as a part of the >handshake?
Mark, I checked with AuthNet and you're right, they are not requiring a client cert. So it looks like this will be a bit less of a concern, assuming that CFHTTP is using the same protocol as the underlying web server (most of which are going to be at least v3.0). It may however still be a problem on some older CF versions, I would expect CF5 might have problems with it. In corresponding with AuthNet, they did say that they will try to roll out the requirement on the test server first so we can check our sites and make sure they are still working, but I don't have a date from them yet on when they expect to be able to do that. --- Mary Jo Sminkey CFWebstore, ColdFusion-based Ecommerce http://www.cfwebstore.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:319510 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
