>Are there any recommended ways to avoid certificates being sent in cleartext? 
>That is, to first establish an anonymous encrypted channel, and then to 
>authenticate within the encrypted channel.

Not without breaking the protocol.

>I am also aware of some of the work in progress on TLS 1.3. It would be 
>helpful to understand what is reasonable to expect from the changes introduced 
>in (D)TLS 1.3 in this respect.

Perhaps the tls@ietf list is a better place to discuss this.
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
