SEC7111: HTTPS security is compromised using IE9 and Socket.IO

Question

SEC7111: HTTPS security is compromised using IE9 and Socket.IO

I'm using Socket.IO for a NodeJS web application. The page is served on SSL and my connection looks like this:

var socket = io.connect('/');

This works on pretty much any browser except IE9. On IE9 (in Windows 7), I get this error in the console:

SEC7111: HTTPS security is compromised by https://app.mysite.com/socket.io/1/htmlfile/m9Zjap56uyEbx4eptg27?t=1375727354386

The socket never connects. The type of SSL is SNI and the page that is running the code is on the same sub-domain. For example: https://app.mysite.com/project/show/12345

I've also tried the following, but it made no difference:

var socket = io.connect('/', { secure: true });

Any ideas how I can make it work on IE9?

node.js
internet-explorer
socket.io

Answer 1

What transports are you using? I know IE9 has trouble with true websockets so falling back to something like flashsockets might work for you. Try something like this:

io.set('transports', [
     'websocket'
   , 'flashsocket'
   , 'htmlfile'
   , 'xhr-polling'
   , 'jsonp-polling'
 ]);

Ideally IE9 would fail with websockets and then succeed with flashsockets (Port 10843 and should count as secure).