Re: RFC: Handling of certificates in Debian

2002-09-02 Thread Andrew McDonald
//www.ietf.org/internet-drafts/draft-ietf-tls-extensions-05.txt> Or, using a "TLS upgrade" procedure as in RFC2817 where the server name can be specified in a Host: header before the TLS handshake is started. For other protocols, e.g. IMAP and SMTP, the STARTTLS method is used to do som

Re: RFC: Handling of certificates in Debian

2002-08-30 Thread Andrew McDonald
On Fri, Aug 30, 2002 at 02:57:12PM -0700, Neil Spring wrote:
> On Fri, Aug 30, 2002 at 06:58:00PM +0100, Andrew McDonald wrote:
> > On a similar subject, there seem to be more than a few applications
> > that have had "SSL/TLS support" added, but don't do any hos

Re: RFC: Handling of certificates in Debian

2002-08-30 Thread Andrew McDonald
ad "SSL/TLS support" added, but don't do any hostname checking against the certificate - leaving you open to man-in-the-middle attacks.

Andrew
--
Andrew McDonald
E-mail: [EMAIL PROTECTED]
http://www.mcdonald.org.uk/andrew/