>
> Hi there,
>
> I'm using ssl to enable a secure communication between a client and server.
> The client is authenticated by using userid/password and the server by
> server certificate. Is there a problem that Man-in-the-middle could
> communicate with the server after the client login?

The client can be assured that there is no man in the middle attack by
verifying the certificate that is received from the server. The
server has no method for verifying there is no man in the middle
unless the client sends a verifiable certificate as well.

Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
The Kermit Project * Columbia University
612 West 115th St #716 * New York, NY * 10025
http://www.kermit-project.org/k95.html * [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
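
The point made in the reply above, as an added example (not part of the original message and not OpenSSL project code): Python's standard `ssl` module, which wraps OpenSSL, is used to build the two sides' contexts and report which side has no certificate-based way to notice an interceptor. The function names and the `client_ca_file` parameter are hypothetical.

```python
import ssl


def client_context(verify_server=True):
    """Client side: checking the server certificate is what exposes an interceptor."""
    # PROTOCOL_TLS_CLIENT defaults to CERT_REQUIRED plus hostname checking.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_default_certs()
    if not verify_server:
        # Weak variant, kept for contrast: any certificate is accepted.
        ctx.check_hostname = False  # must be cleared before CERT_NONE is allowed
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def server_context(require_client_cert=False, client_ca_file=None):
    """Server side: by default the client is never asked for a certificate."""
    # A deployed server also needs ctx.load_cert_chain(...) for its own key pair.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if require_client_cert:
        # The handshake now fails unless the client presents a valid certificate.
        ctx.verify_mode = ssl.CERT_REQUIRED
        if client_ca_file:  # hypothetical path to the CA that issues client certs
            ctx.load_verify_locations(cafile=client_ca_file)
    return ctx


def unverified_sides(client_ctx, server_ctx):
    """List the peers that cannot authenticate the other end at the TLS layer."""
    findings = []
    if client_ctx.verify_mode != ssl.CERT_REQUIRED or not client_ctx.check_hostname:
        findings.append("client does not verify the server certificate")
    if server_ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server does not verify a client certificate")
    return findings


if __name__ == "__main__":
    # The setup from the question: server certificate plus userid/password.
    print(unverified_sides(client_context(), server_context()))
    # Both sides present certificates.
    print(unverified_sides(client_context(), server_context(require_client_cert=True)))
```

In the questioner's setup only the second finding is reported: the password authenticates the user to the application, while the TLS layer on the server side has verified nothing about its peer.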