Dr Stephen Henson wrote:
> Jean-Marc Desperrier wrote:
> >
> > Ben Laurie wrote:
> >
> > > > No - it is a limitation of the current usage of http over SSL, where the
> > > > SSL negotiation happens before the Host: header. It is a general problem
> > > > inherent in most simplistic SSL-ing of protocols, where the rush to SSL-ify
> > > > meant that the protocol got broken, rather than integrating SSL into the
> > > > protocol itself.
> > > >
> > > > See draft-ietf-tls-http-upgrade-05.txt to see how this can be fixed.
> > >
> > > This is, of course, true, but doesn't really get us anywhere, since no
> > > browser supports it.
> >
> > Get to work. Add support for it in Mozilla. Microsoft will follow.
> >
>
> No possible currently. The Mozilla security library not only doesn't
> compile it also has some crucial configuration files and headers
> missing. Its currently there just to give people a sneak preview. It
> isn't usable.
Anyway, I imagine it would take _quite_ some work and they are other priorities.
I realised after posting I had forgotten the smiley.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
