As long as the handshake is called in the proper order (client must speak first, which means client must initiate the handshake), it doesn't matter when that happens during a connection's lifetime. The server does need to be expecting it, or it would try to handle the data normally instead of passing it to gnutls for handshaking. Provided both ends are expecting it when it happens, and the client goes first, you won't have any problems.
This is generally referred to as 'starttls'; it's a great way to support both SSL and non-SSL connections, but care needs to be taken to avoid MITM attacks stripping the SSL (for example, an attacker faking a response from the server stating that SSL is not supported, to force your connection to remain unencrypted), and to ensure that nothing private is sent before the SSL connection starts.

- John Brooks

On Sun, Sep 14, 2008 at 6:06 AM, Lennart Koopmann <[EMAIL PROTECTED]> wrote:
> Hello everyone,
>
> I am using GNUTLS in a server I am currently writing. I am planning
> to implement a handshaking procedure:
>
> 1. Client requests TLS or non-TLS encryption.
> 2. Server responds if packets are accepted and if TLS is available.
> 3. Client sends data corresponding to reply from server.
>
> Can I just place the gnutls_handshake() when TLS is available and client
> chose to use TLS? Could there be a sync problem because gnutls_handshake()
> is not the first thing that is done in the socket
> connection/conversation?
>
> Please, I need your experience. :)
>
> Thank you!
>
> So long
> Lennart
>
> _______________________________________________
> Help-gnutls mailing list
> [email protected]
> http://lists.gnu.org/mailman/listinfo/help-gnutls
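The three-step exchange Lennart describes, together with the two rules from John's reply (the client speaks first and the server must already be in the state that hands the next bytes to the TLS library, and the client must refuse a reply that strips TLS when its policy requires it and must send nothing private before the session is secured), modelled as two small state machines. This is an added example, not code from the thread or from GnuTLS: the wire messages, the class and field names and the `handshake` callables are constructed assumptions; each `handshake` callable stands in for the call to gnutls_handshake() on that side, and no real TLS is performed.

```python
"""STARTTLS-style negotiation modelled as two small state machines (constructed example)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# Messages of the three-step exchange from the thread (constructed encoding, not a real protocol).
REQ_TLS, REQ_PLAIN = b"STARTTLS\n", b"PLAIN\n"
RESP_TLS_OK, RESP_NOTLS, RESP_PLAIN_OK = b"OK TLS\n", b"OK NOTLS\n", b"OK PLAIN\n"
CLIENT_HELLO = b"<client handshake bytes>"   # placeholder for what the client's handshake emits


class DowngradeRefused(Exception):
    """The client would have to continue in plaintext against its policy."""


class ProtocolError(Exception):
    """A message arrived in a state that does not expect it, or a handshake failed."""


@dataclass
class Server:
    tls_available: bool
    handshake: Callable[[], bool]               # stand-in for server-side gnutls_handshake()
    state: str = "NEGOTIATE"                    # NEGOTIATE -> HANDSHAKE -> APP
    received: List[bytes] = field(default_factory=list)

    def receive(self, msg: bytes) -> Optional[bytes]:
        """Route incoming bytes by state; the state decides who consumes them."""
        if self.state == "NEGOTIATE":
            if msg == REQ_TLS and self.tls_available:
                self.state = "HANDSHAKE"        # from now on the bytes belong to the TLS library
                return RESP_TLS_OK
            if msg == REQ_TLS:
                self.state = "APP"              # honest "no TLS here": continue in plaintext
                return RESP_NOTLS
            if msg == REQ_PLAIN:
                self.state = "APP"
                return RESP_PLAIN_OK
            raise ProtocolError(f"unexpected negotiation message {msg!r}")
        if self.state == "HANDSHAKE":
            # Had the server not been waiting here, these bytes would have reached the
            # application handler instead of the handshake.
            if not self.handshake():
                raise ProtocolError("server-side handshake failed")
            self.state = "APP"
            return None
        self.received.append(msg)               # application data
        return None


@dataclass
class Client:
    want_tls: bool
    require_tls: bool                           # policy: never fall back to plaintext
    handshake: Callable[[], bool]               # stand-in for client-side gnutls_handshake()
    state: str = "START"                        # START -> WAIT -> APP (or CLOSED)
    secured: bool = False

    def open(self) -> bytes:
        """Step 1: the client speaks first and says what it wants."""
        self.state = "WAIT"
        return REQ_TLS if self.want_tls else REQ_PLAIN

    def on_reply(self, reply: bytes) -> Optional[bytes]:
        """Step 2: act on the server's answer; returns handshake bytes if TLS starts."""
        if self.state != "WAIT":
            raise ProtocolError("reply outside negotiation")
        if reply == RESP_TLS_OK:
            if not self.handshake():            # the client initiates the handshake
                raise ProtocolError("client-side handshake failed")
            self.secured, self.state = True, "APP"
            return CLIENT_HELLO
        if reply in (RESP_NOTLS, RESP_PLAIN_OK):
            if self.require_tls:                # a faked "no TLS" reply ends here, not in plaintext
                self.state = "CLOSED"
                raise DowngradeRefused("peer offers no TLS; policy forbids plaintext")
            self.state = "APP"
            return None
        raise ProtocolError(f"unexpected reply {reply!r}")

    def send(self, data: bytes, private: bool = False) -> bytes:
        """Step 3: application data; private data never leaves unencrypted."""
        if self.state != "APP":
            raise ProtocolError("not ready for application data")
        if private and not self.secured:
            raise ProtocolError("refusing to send private data over plaintext")
        return data


def run_session(client: Client, server: Server, payload: bytes, private: bool) -> Dict[str, object]:
    """Drive one connection end to end and report how it finished."""
    try:
        hello = client.on_reply(server.receive(client.open()))
        if hello is not None:
            server.receive(hello)               # server hands these to its own handshake
        server.receive(client.send(payload, private=private))
        return {"outcome": "delivered", "encrypted": client.secured, "server_got": server.received}
    except DowngradeRefused:
        return {"outcome": "downgrade refused", "encrypted": False, "server_got": server.received}
    except ProtocolError as exc:
        return {"outcome": f"error: {exc}", "encrypted": client.secured, "server_got": server.received}


def handshake_ok() -> bool:
    """Constructed stand-in for a handshake that succeeds."""
    return True


if __name__ == "__main__":
    print(run_session(Client(True, True, handshake_ok), Server(True, handshake_ok), b"secret", private=True))
    print(run_session(Client(True, True, handshake_ok), Server(False, handshake_ok), b"secret", private=True))
    print(run_session(Client(True, False, handshake_ok), Server(False, handshake_ok), b"secret", private=True))
    print(run_session(Client(True, False, handshake_ok), Server(False, handshake_ok), b"hello", private=False))
```

The first run is the normal case: negotiation, handshake, then data over the secured session. The second shows the reply John warns about, a "no TLS" answer to a client whose policy requires TLS; the session is refused and the server receives nothing. The third and fourth show an opportunistic client that accepts plaintext but still refuses to send anything marked private until the session is secured.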
