Jean-Marc Desperrier wrote:
>
> Ben Laurie wrote:
>
> > > No - it is a limitation of the current usage of http over SSL, where the
> > > SSL negotiation happens before the Host: header. It is a general problem
> > > inherent in most simplistic SSL-ing of protocols, where the rush to SSL-ify
> > > meant that the protocol got broken, rather than integrating SSL into the
> > > protocol itself.
> > >
> > > See draft-ietf-tls-http-upgrade-05.txt to see how this can be fixed.
> >
> > This is, of course, true, but doesn't really get us anywhere, since no
> > browser supports it.
>
> Get to work. Add support for it in Mozilla. Microsoft will follow.
>
No possible currently. The Mozilla security library not only doesn't
compile it also has some crucial configuration files and headers
missing. Its currently there just to give people a sneak preview. It
isn't usable.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
