httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dr Stephen Henson <shen...@oss-institute.org>
Subject Re: Server Gated Certs (Was: TLS renegotiation attack, mod_ssl and OpenSSL)
Date Fri, 06 Nov 2009 01:52:26 GMT
Dirk-Willem van Gulik wrote:
> we propably
> only have the step up 'Server Gated Certs'* let to check.
> 
> Does anyone have such a beast for testing ?
> 

There are two separate types used by Mozilla (Step up?) and Microsoft SSL/TLS
(SGC?) implementations IIRC. One completes the handshake then starts a new
session the second cuts it half way through.

Been many years since I looked at those though. I recall having to alter the
state machine to accommodate the Microsoft flavour. (Checks code, yes look for
SGC comments in there)

Steve.
-- 
Dr Stephen N. Henson. Senior Technical/Cryptography Advisor,
Open Source Software Institute: www.oss-institute.org
OpenSSL Core team: www.openssl.org

Mime
View raw message