Someone sent me this question - any ideas?
(RFCs 2817, 2818 cover HTTP/TLS and upgrading from clear to SSL only, not HTTP/SSL. Eric Rescorla's book is .. close, but as it's fairly new, what was used beforehand?)
iang
-------- Original Message -------- Subject: SSL & Browser behaviour/policies Date: Sun, 19 Sep 2004 15:27:51 +0200
Hi Ian,
I'm looking for the RFC or other "de facto" standard describing the behaviour of a browser when engaging an HTTP session over SSL.
E.g. I understand that the "Common Name" (CN) should hold the FQDN or hostname, but I would like to understand if there is more to it. Like what happens in case the client has a certificate as well and the server requires the client to engage in a two sided authentication.
Any idea?
thanks
xxxx _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
