Ian Grigg wrote:
Someone sent me this question - any ideas?
(RFCs 2817, 2818 cover HTTP/TLS and upgrading from clear to SSL only, not HTTP/SSL. Eric Rescorla's book is .. close, but as it's fairly new, what was used beforehand?)
iang
Ian, the questions being asked here are vare vague and open. Please encourage your correspondent to ask his questions here in this newsgroup, and to be specific about what is wanted.
BTW, HTTP "upgrading" (running SSL/TLS on port 80) has been rather roundly rejected, IMO, for a number of good reasons. If you care, perhaps you can ask Julien to say more about this.
/Nelson
-------- Original Message -------- Subject: SSL & Browser behaviour/policies Date: Sun, 19 Sep 2004 15:27:51 +0200
Hi Ian,
I'm looking for the RFC or other "de facto" standard describing the behaviour of a browser when engaging an HTTP session over SSL.
E.g. I understand that the "Common Name" (CN) should hold the FQDN or
hostname, but I would like to understand if there is more to it. Like what
happens in case the client has a certificate as well and the server requires
the client to engage in a two sided authentication.
Any idea?
thanks
xxxx
_______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
