On 12/30/05, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote: > If you don't want the server's certificate to be eavesdroppable that's tricky > because an attacker could simply connect to the server using (in this example) > anon-DH and drop the connection after it has received the server's certificate > during the renegotiation. > > Steve.
I'm modifying the protocol a little bit for my application -- basically, the peer who connects (the one who initiates the connection) needs to voluntarily identify itself before the server will volunteer any information about itself, other than that it will talk TLS. The server shouldn't send even a request for identification. (I'm going to have to go through the TLS spec again and figure out the sequence of the protocol exchange, but it shouldn't be too different from the standard state machine.) -Kyle H ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
