Forum Discussion

Nimbostratus

Apr 16, 2010

SSL Protocol Question

Before pursuing a potentially fruitless experiment, I thought I'd ask first. This is about the SSL/TLS protocol. Given: 1. A client with a valid certificate (issued to each user) -- C 2. A server wit...

config

design

hoolio

Cirrostratus

Apr 22, 2010

The major issue I see with this is that I think it would require renegotiating the SSL handshake mid-session. Doing so would mean you'd have to leave yourself open to the recent SSL renegotiation vulnerability described here:

http://extendedsubset.com/?p=8

http://www.links.org/?p=780

http://www.ietf.org/mail-archive/web/tls/current/msg03928.html

If this doesn't frighten you away from the solution, I can try testing a rough example (or at least try to put it down in psuedo code. Let me know what you think.

Aaron

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)