Re: MSIE cryptography



Eric Murray writes:

>Peter Trei writes:
>> 
>> "John Hemming - CEO MarketNet" <[email protected]> writes:
> 
>> > Just downloaded the most recent English Version 2.1 for Windows 3.1.
>> > This does appear to do the same in terms of no encryption at all after
>> > the server hello.
>> Please ensure that the server you are connecting to is not configured for
>> authenticate-only. It would be a pity to raise a big ruckus over what may be
>> just a mis-configured server.

>In addition, encryption isn't performed until after the ClientFinished
>and ServerFinished messages, no matter which CipherSuites are negotiated.

Actually the server verify message should be encrypted (to verify the
key negotiation).  Also the server and client finished should be encrypted.
I don't actually get the client finished record or client master key record.

However, I don't get those; all I get is the cleartext data in packets of
SSL record format.  I have done a little more experimentation and it does
appear quite clear that this happens with a non-standard (i.e. not
Verisign and a few others) X509 Certificate.

In the trace that I have posted it is clear that cypher 02 00 80 has
in theory been negotiated.
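
Added example, not part of the original message or the trace it refers to: a check for the condition described above, splitting a captured stream into SSL 2.0 records and flagging payloads that are mostly printable text even though a cipher such as 02 00 80 was offered. The sample bytes, the function names and the 0.95 threshold are assumptions made for illustration.

```python
# SSLv2 CIPHER-KIND values as defined in the SSL 2.0 specification.
CIPHER_KINDS = {
    bytes.fromhex("010080"): "SSL_CK_RC4_128_WITH_MD5",
    bytes.fromhex("020080"): "SSL_CK_RC4_128_EXPORT40_WITH_MD5",
    bytes.fromhex("030080"): "SSL_CK_RC2_128_CBC_WITH_MD5",
    bytes.fromhex("040080"): "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
    bytes.fromhex("050080"): "SSL_CK_IDEA_128_CBC_WITH_MD5",
    bytes.fromhex("060040"): "SSL_CK_DES_64_CBC_WITH_MD5",
    bytes.fromhex("0700c0"): "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
}

def split_records(stream: bytes):
    """Split a byte stream into SSLv2 records: list of (padding, payload)."""
    records, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < 2:
            raise ValueError("truncated record header")
        b0, b1 = stream[pos], stream[pos + 1]
        if b0 & 0x80:  # 2-byte header: 15-bit length, no padding
            hdr, length, padding = 2, ((b0 & 0x7F) << 8) | b1, 0
        else:          # 3-byte header: escape bit, 14-bit length, padding byte
            if len(stream) - pos < 3:
                raise ValueError("truncated record header")
            hdr, length, padding = 3, ((b0 & 0x3F) << 8) | b1, stream[pos + 2]
        body = stream[pos + hdr : pos + hdr + length]
        if len(body) < length:
            raise ValueError("truncated record body")
        records.append((padding, body))
        pos += hdr + length
    return records

def looks_cleartext(payload: bytes, threshold: float = 0.95) -> bool:
    """Heuristic: cipher output is near-uniform, so mostly-printable payloads are suspect."""
    if not payload:
        return False
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in payload)
    return printable / len(payload) >= threshold

# Constructed sample, not the trace from the thread: one record carrying an
# unencrypted HTTP request, followed by one carrying high-entropy bytes.
_http = b"GET / HTTP/1.0\r\n\r\n"
_rand = bytes.fromhex("9f3ac1e07b5512d8fe0460a7c3991be2")
SAMPLE = (bytes([0x80 | (len(_http) >> 8), len(_http) & 0xFF]) + _http
          + bytes([0x80 | (len(_rand) >> 8), len(_rand) & 0xFF]) + _rand)

def scan(stream: bytes):
    """Return (payload_length, looks_cleartext) for every record in the stream."""
    return [(len(p), looks_cleartext(p)) for _, p in split_records(stream)]
```

Handshake records sent before the keys are established are legitimately unencrypted, so the check is only meaningful for records that follow the key exchange.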