Aleksey Sanin wrote:

Indeed. It should be easy to implement the HTTP TLS upgrade with NSS.
You can start your connection with regular NSPR sockets, and then
upgrade the socket to TLS with SSL_ImportFD at the time your HTTP
engine determines it is needed.

Thanks for the answer! My question was exactly that: can SSL_ImportFD
"upgrade" to SSL "on-the-fly" :)

You may also need to call SSL_ResetHandshake.

And another question (related) to this. Is it possible with NSS to set up
a socket to accept both "plain text" and encrypted TLS connections?

No, NSS doesn't have code that attempts to differentiate plaintext and
SSL. Application protocols I'm aware of specify either different ports
for plaintext and SSL/TLS, or a method that starts in plaintext mode and
then switches to SSL/TLS - e.g. STARTTLS and HTTP TLS upgrade.
_______________________________________________
mozilla-crypto mailing list
http://mail.mozilla.org/listinfo/mozilla-crypto
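The step where "your HTTP engine determines it is needed", as an added example that is not part of the original thread or of NSS: a server-side check for the upgrade request, assuming "HTTP TLS upgrade" means RFC 2817 (`Upgrade: TLS/1.0` with `Connection: Upgrade`). The names `has_token` and `wants_tls_upgrade` are hypothetical, and the NSS calls appear only in a comment.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Case-insensitive match of `token` in a comma-separated header value. */
static int has_token(const char *v, size_t n, const char *token) {
    size_t tl = strlen(token), i = 0;
    while (i < n) {
        while (i < n && (v[i] == ' ' || v[i] == '\t' || v[i] == ',')) i++;
        size_t s = i;
        while (i < n && v[i] != ',') i++;
        size_t e = i;
        while (e > s && (v[e - 1] == ' ' || v[e - 1] == '\t')) e--;
        if (e - s == tl && strncasecmp(v + s, token, tl) == 0) return 1;
    }
    return 0;
}

/* 1 only if a complete header block carries both "Upgrade: TLS/1.0" and
 * "Connection: Upgrade"; 0 otherwise, including when headers are incomplete. */
int wants_tls_upgrade(const char *req) {
    const char *end = strstr(req, "\r\n\r\n");
    const char *line = strstr(req, "\r\n");   /* end of the request line */
    int upgrade = 0, conn = 0;
    if (!end) return 0;                       /* keep reading plaintext */
    while (line && line < end) {
        line += 2;
        const char *eol = strstr(line, "\r\n");
        const char *colon = memchr(line, ':', (size_t)(eol - line));
        if (colon) {
            size_t nl = (size_t)(colon - line), vl = (size_t)(eol - colon - 1);
            if (nl == 7 && !strncasecmp(line, "Upgrade", 7))
                upgrade |= has_token(colon + 1, vl, "TLS/1.0");
            else if (nl == 10 && !strncasecmp(line, "Connection", 10))
                conn |= has_token(colon + 1, vl, "Upgrade");
        }
        line = eol;
    }
    return upgrade && conn;
}

int main(void) {
    /* Constructed sample request, not captured traffic. */
    const char *req = "OPTIONS * HTTP/1.1\r\nHost: example.com\r\n"
                      "Upgrade: TLS/1.0\r\nConnection: Upgrade\r\n\r\n";
    /* On a match the server answers "101 Switching Protocols", then calls
     * SSL_ImportFD(model, fd) and SSL_ResetHandshake(sslfd, PR_TRUE) before
     * reading any further bytes from the plaintext socket. */
    puts(wants_tls_upgrade(req) ? "upgrade to TLS" : "stay plaintext");
    return 0;
}
```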