To Nelson Bolyard (back from sabbatical): To pick up where we left off with use of SSL_ForceHandshake in my NSS apps: I make a call to it before I do any kind of data transfers. That way I force the authentication to happen, and can do extra checking on certificate validity, outside of standard NSS checks, things like a custom CRL checking. You indicated last that you disfavored this use of SSL_ForceHandshake, and thought cert exchange should happen on first exchange of data. However in my case, network connections will be between NSS apps that I control. I don't see how doing the SSL_ForceHandshake could lead to secnarios where connections will fail (assuming both parties always have encryption ciphers in common).
-- P
