Re: [xml] SSL/TLS support



Hi there.

Well, w/o random generator seed you'll not be able to generate session keys for SSL and by this you'll not be able to start the connection. At the same time, w/o trusted certificates initialized, your client will not be able to verify the certificate that server sends to you and by this the handshake fails (and the connection is failed). These are not security measures but steps to establish the connection.

Uh... that I didn't know. Please forgive my ignorance. I thought that
initialising the RNG would give high quality keys, but I didn't suspect
that it would showstop the generation of the session key altogether. Also,
I believed that the certificate check must be done manually and had no idea
that OpenSSL performs this automatically.

Okay, I am interested in the matter, but we should perhaps continue talking
about this in private, preventing the exposure of the mailing list to
non-xml issues and also preventing my further blamage in public :-) :-)

Ciao
Igor



