Hi *, imagine the following scenario:

Server: has its own private/public-key pair
Client: has the public-key of the server
Man-in-the-middle: has the public-key of the server

If the client asks the server for a secure connection, the server starts its handshake by sending a suggestion of a private-private-key encryption (encrypted with its private-key). Right so far?

Is it possible for the man-in-the-middle to eavesdrop on the handshake sequence of server and client, to decrypt it with the server's public-key and to get the private-key of the server-client SSL session for a man-in-the-middle attack?

In other words, is it possible to establish a secure connection in this scenario at all events, or does one necessarily need a private/public-key pair on the client-side?

Thx in advance
Stefan Hans
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                            [EMAIL PROTECTED]
Automated List Manager                               [EMAIL PROTECTED]
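
The scenario in the question, worked as an added example that is not part of the original post. It assumes the RSA key-exchange form of the SSL handshake, where the client picks the session secret and encrypts it with the server's public key, and compares it with the variant described above, where the server sends the secret under its private key. The toy primes and all function names are constructed for illustration; this is unpadded textbook RSA, not usable crypto.

```python
# Added example: textbook RSA (no padding, fixed toy primes). Illustration only.
import secrets

# Constructed server key pair built from two known Mersenne primes.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                    # public key: held by client AND eavesdropper
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent: held by the server only


def rsa_public_op(value: int) -> int:
    """What anyone holding the public key (N, E) can compute."""
    return pow(value, E, N)


def rsa_private_op(value: int) -> int:
    """What only the server can compute."""
    return pow(value, D, N)


def new_secret() -> int:
    """Random 128-bit session secret (top bit set so it is never 0 or 1)."""
    return secrets.randbits(128) | (1 << 127)


def handshake_client_chooses_secret() -> dict:
    """RSA key exchange: the client encrypts its secret TO the server."""
    premaster = new_secret()
    on_the_wire = rsa_public_op(premaster)      # all the eavesdropper sees
    return {
        "client_secret": premaster,
        "server_secret": rsa_private_op(on_the_wire),
        # Applying the public key again does not undo the public-key operation.
        "eavesdropper_guess": rsa_public_op(on_the_wire),
    }


def handshake_server_sends_secret() -> dict:
    """Variant from the question: server 'encrypts' the secret with its private key."""
    session_key = new_secret()
    on_the_wire = rsa_private_op(session_key)
    return {
        "server_secret": session_key,
        "client_secret": rsa_public_op(on_the_wire),
        # The eavesdropper holds the same public key, so it gets the same result.
        "eavesdropper_guess": rsa_public_op(on_the_wire),
    }
```
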