httpd-dev mailing list archives

From Dr Stephen Henson
Subject Re: Server Gated Certs (Was: TLS renegotiation attack, mod_ssl and OpenSSL)
Date Fri, 06 Nov 2009 01:52:26 GMT
Dirk-Willem van Gulik wrote:
> we probably
> only have the step up 'Server Gated Certs'* left to check.
> Does anyone have such a beast for testing ?

There are two separate types used by Mozilla (Step up?) and Microsoft SSL/TLS
(SGC?) implementations IIRC. One completes the handshake then starts a new
session; the second cuts it halfway through.

Been many years since I looked at those though. I recall having to alter the
state machine to accommodate the Microsoft flavour. (Checks code, yes look for
SGC comments in there)

Dr Stephen N. Henson. Senior Technical/Cryptography Advisor,
Open Source Software Institute:
OpenSSL Core team:
