HTTP woes

gav on 2003-10-16T03:43:28

It seems that neither LWP or Curl want to talk to Capital One's online service. They claim:

• You are using Netscape 4.0 through 4.07, which we cannot support for online account transactions due to security reasons.
• You are using a browser that is incompatible with our Online Account Services system. We suggest Netscape version 4.08 or higher or Internet Explorer version 4.0 or higher. For Macintosh users, we suggest Internet Explorer version 4.5 or higher.
• Your browser does not support 128-bit encryption.

I'm spoofing an IE 6 user agent string, so I'm guessing it's the 128-bit issue. Comparing the differences in %ENV between IE and LWP the only thing that stands out is that for LWP it sets SSL_CIPHER_ALGKEYSIZE=168, SSL_PROTOCOL=TLSv1, and SSL_CIPHER=EDH-RSA-DES-CBC3-SHA; IE sends SSL_CIPHER_ALGKEYSIZE=128, SSL_PROTOCOL=SSLv3, and SSL_CIPHER=RC4-MD5.

Does anyone know how to work around this?

---

Agent strings

petdance on 2003-10-16T14:04:17

I don't have a solution for your problem, but do want to point out that WWW::Mechanize has 6 different aliases you can use, like

$mech->agent_alias( 'Windows IE 6' );

which sets the user agent to "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)".