On Wednesday 04 May 2005 15:53, [EMAIL PROTECTED] wrote:
> hello,
>
> I have a question: is it possible to go through the ssl handshake
> process between a client and a server, and after the handshake is
> complete to stop using ssl and switch to plaintext?

This question can be answered in two ways I think, although I bet others have better answers.

1. SSL includes a few cipher suites that are NULL (have a look in your browser SSL settings to see the full list, you'll find the NULL suites are turned off). So after all the handshaking and what-have-you, you could negotiate and use a NULL suite. Both sides would have to have these turned on, of course, as they are there for testing more than anything and thus turned off by default.

2. Alternatively, SSL itself stops and then you start negotiating another protocol (which is what you need by definition). In theory, SSL is a message passing protocol over a connection, so when it stops, there is no problem with you starting another protocol. But, in practice, implementations may or may not take control of the connection, and if they decide to bail out, then they can close the connection. So to know whether this is possible depends in practice on how the implementation works, I'd guess.

The question one would ask is why one would want a plaintext conversation ... integrity and identity checking over an already private net would be one reason.

iang
--
http://iang.org/
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
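
As an added example (not part of the original message), the following Python sketch checks point 1 on a local TLS stack: it lists any NULL-encryption suites a context would accept, and shows that they appear only after an explicit opt-in. The helper names are hypothetical, and the cipher names in the comments are constructed samples in OpenSSL and IANA naming styles.

```python
import re
import ssl

# OpenSSL-style names carry NULL as a dash-separated token (NULL-SHA256,
# ECDHE-RSA-NULL-SHA); IANA-style names carry it after WITH_
# (TLS_RSA_WITH_NULL_SHA). Both are constructed sample names.
_NULL_ENC = re.compile(r"(^|-)NULL(-|$)|_WITH_NULL_")


def is_null_encryption(name, description=""):
    """True if the suite keeps authentication and a MAC but does not encrypt."""
    return bool(_NULL_ENC.search(name)) or "Enc=None" in description


def null_suites_enabled(ctx):
    """Names of NULL-encryption suites this SSLContext would offer or accept."""
    return [c["name"] for c in ctx.get_ciphers()
            if is_null_encryption(c["name"], c.get("description", ""))]


def try_enable_null(ctx):
    """Opt in to NULL suites explicitly; returns what the local build allows."""
    try:
        # eNULL selects suites without encryption; SECLEVEL=0 is needed
        # because higher OpenSSL security levels reject them.
        ctx.set_ciphers("eNULL:@SECLEVEL=0")
    except ssl.SSLError:
        return []  # this TLS library build ships no NULL suites at all
    return null_suites_enabled(ctx)


if __name__ == "__main__":
    default_ctx = ssl.create_default_context()
    print("default context:", null_suites_enabled(default_ctx) or "no NULL suites")
    test_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    print("after opt-in:   ", try_enable_null(test_ctx) or "none available")
```

A NULL suite is only negotiated if the peer has opted in as well, so running the same audit on both endpoints shows whether a plaintext-with-integrity session is possible at all.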
