3-Nov-98 23:54 you wrote:
> In communicator-pro-v406-export.x86-unknown-linux2.0-glibc2.tar.gz
> It seems reasonable to expect that, when accessing a secure server, a
> session key would be exchanged _before_ any other communication between the
> server and browser. Superficially, this does _not_ seem to be the case with
> Netscape's Communicator.
Of course it is the case with Netscape Communicator, Lynx-SSL and even %$% MS IE...
> When Communicator accesses a password protected secure site for the first
> time, first, I receive a certificate dialog box, second, I receive a
> password dialog box, third, I receive a secure document dialog box, fourth,
> I receive the web page, and lastly, the lock icon locks. Now this bit with
^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^
> the lock icon is what doesn't give me that warm-fuzzy-feeling.
That is even if you got encrypted page lock icon locks only AFTER web-page was
received!
> Perhaps this is just bad user-interface design on Netscape's part. I would
> have expected the lock icon to lock second, right after the certificate
> dialog box, and _before_ the the password dialog box. I am skeptical that
> this would not be what occurs in practice, but I've got to find out.
Looks like you are never program such packages :-(( Of course state of icon
in Netscape will net be changed till handshake (at least handshake) will be
completed! In reality not just handshake must be completed but the whole
document must be downloaded...
> Alternatively, the lock icon does, in fact, display the true state of the
> SSL negotiation, WHICH IS WHAT IT SHOULD DO, and, in fact, Communicator is
> sending the secure site password in clear text, and is not very useful as a
> secure browser.
> So, please, which is it?
Just COMPLETELY wrong instrument selected for job. Usage of big buggy package
(Netscape Communicatir) without sources and even without log ability to find
out something about things deep in SSL ... Are you on drugs ? I could not
find other explanation for this try to find SOMETHING about SSL via Netscape
buttons! This looks like try to find appendix state via shirt, suit and fur
coat... Use mod_ssl logs or such not Netscape lock icon (BTW lock icon in
Netscape shows state of RECEIVED document, not state of connection AFAIK) !!!
"In communicator-pro-v406-export.x86-unknown-linux2.0-glibc2.tar.gz" ... Hm.
Weird. I'm ready to got such question from dumb Winblows user but from Linux
user... Unbeliveable :-((
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
