robd wrote:
Not sure why you would want to bother with the initial SSL handshake if
you don't want encryption but you could renegotiate with a different
ciphersuite that doesn't use encryption, like rsa_null_sha. Not sure
how to do this in NSS but this is supported by the SSL/TLS
protocols.
NSS supports those "null" encryption cipher suites.
You can use SSL_CipherPrefSetDefault or
SSL_CipherPrefSet to specify that only the "null"
encryption cipher suites are enabled:
http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslfnc.html#1084747
http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslfnc.html#1214758
Our documentation is out of date. In addition to
SSL_RSA_WITH_NULL_MD5, we also support
SSL_RSA_WITH_NULL_SHA. Please consult our header
file sslproto.h for the current list of supported
cipher suites:
http://lxr.mozilla.org/security/source/security/nss/lib/ssl/sslproto.h#111
An SSL connection can be closed without closing the
underlying TCP connection. Off the top of my head,
I don't know if NSS's SSL library allows you to do that.
Wan-Teh
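
An added example, not part of the post above and not NSS code: a stand-alone C check that reads the initial, unencrypted ServerHello of a connection and reports whether the server selected one of the two NULL-encryption suites named in the reply, which is how you would confirm on the wire that a connection carries no confidentiality. The function name and the sample bytes are constructed for illustration; the code points 0x0001 and 0x0002 are the registry values for SSL_RSA_WITH_NULL_MD5 and SSL_RSA_WITH_NULL_SHA.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Code points of the two suites named in the reply (SSL 3.0 / TLS registry values). */
#define SUITE_RSA_NULL_MD5 0x0001 /* SSL_RSA_WITH_NULL_MD5 */
#define SUITE_RSA_NULL_SHA 0x0002 /* SSL_RSA_WITH_NULL_SHA */

/* Returns 1 if the ServerHello in rec selects one of the two NULL-encryption
 * suites, 0 if it selects any other suite, -1 if rec is not a complete
 * handshake record starting with a ServerHello. */
int server_hello_is_null_cipher(const uint8_t *rec, size_t len, uint16_t *suite_out)
{
    /* Record header: content type (22 = handshake), version (2), length (2). */
    if (len < 5 || rec[0] != 22) return -1;
    size_t n = ((size_t)rec[3] << 8) | rec[4];
    if (n > len - 5) return -1;
    const uint8_t *p = rec + 5;
    /* Handshake header: message type (2 = ServerHello), length (3). */
    if (n < 4 || p[0] != 2) return -1;
    size_t hs_len = ((size_t)p[1] << 16) | ((size_t)p[2] << 8) | p[3];
    if (hs_len > n - 4) return -1;
    p += 4;
    /* Body: version (2), random (32), session_id length (1), session_id, suite (2). */
    if (hs_len < 35) return -1;
    size_t sid_len = p[34];
    if (sid_len > 32 || hs_len < 35 + sid_len + 2) return -1;
    uint16_t suite = (uint16_t)((p[35 + sid_len] << 8) | p[36 + sid_len]);
    if (suite_out) *suite_out = suite;
    return suite == SUITE_RSA_NULL_MD5 || suite == SUITE_RSA_NULL_SHA;
}

/* Constructed sample: TLS 1.0 ServerHello, all-zero random, empty session_id,
 * cipher suite 0x0002 at offsets 44-45, null compression. Unlisted bytes are 0. */
static const uint8_t sample_hello[47] = {
    22, 3, 1, 0, 42,   /* record header, 42-byte payload */
    2, 0, 0, 38,       /* ServerHello, 38-byte body */
    3, 1,              /* server_version */
    [45] = 0x02        /* low byte of the selected suite */
};

int main(void)
{
    uint16_t suite = 0;
    int r = server_hello_is_null_cipher(sample_hello, sizeof sample_hello, &suite);
    printf("result=%d suite=0x%04x\n", r, (unsigned)suite);
    return 0;
}
```

A handshake performed as a renegotiation is itself protected by the current session, so this check only sees the suite chosen in the first handshake.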