No, not the fingerprint check. That the server accepts only ssl OR non-ssl connections. That man-in-the-middle part is clear to me.
23.10.2009 21:33 schrieb am "Hartmut Goebel" <[email protected]>: Tobias Paepke schrieb: > Thanks for the explanation. I was not aware that this is already be > implemented. Parton, what so you thing is already implemented? The fingerprint check? > As i mentioned before: take care of the server side to and let him > decide which clients he wan... This is only half way there. The client, if configured to use SSL, must only accept SSL and not fall back to non-SSL. This is part of the other half of the way :-) -- Schönen Gruß - Regards Hartmut Goebel Dipl.-Informatiker (univ.), CISSP, CSSLP Goebel Consult ... --~--~---------~--~----~------------~-------~--~----~ [email protected] mailing list -~----------~----~----~----~------~----~------~--~---
