Bob,
Bob Relyea wrote:
Aleksey Sanin wrote:
Hi!
Is it possible to support rfc2817 (upgrade to TLS within http)
using NSS on the client and/or server side? I found a couple topics
about this but none have exact answer:
http://groups.google.com/group/netscape.public.mozilla.crypto/browse_thread/thread/c4a57f79737ed71d/e3649467ff9f3b6d?q=rfc+2817&rnum=1&hl=en#e3649467ff9f3b6d
http://groups.google.com/group/netscape.public.mozilla.crypto/browse_thread/thread/1e0cec54eb872308/1949a07e185966f2?q=rfc+2817&rnum=4&hl=en#1949a07e185966f2
Note that I clearly understand Julien's concerns from the second
topic but this is not for a regular http server and web browser :)
This spec is an http spec, telling how the http protocol decides to
initiate an SSL or TLS connection.
NSS only implements the SSL or TLS transport, so there is nothing in NSS
that I know of that needs to be done to make this work The work to
implement this would be in your http engine.
Indeed. It should be easy to implement the HTTP TLS upgrade with NSS.
You can start your connection with regular NSPR sockets, and then
upgrade the socket to TLS with SSL_ImportFD at the time your HTTP engine
determines it is needed .
_______________________________________________
mozilla-crypto mailing list
mozilla-crypto@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-crypto
