browser vendors and CAs agreeing on high-assurance certificat es

Ben Laurie ben at algroup.co.uk
Sat Dec 24 12:38:20 EST 2005


Eric Rescorla wrote:
> Ben Laurie <ben at algroup.co.uk> writes:
>>> And we need SSL v2 to die so it doesn't interfere
>>> with the above.
>> Actually, you just disable it in the server. I don't see why we need
>> anything more than that.
> 
> The problem is that the ServerHostName extension that signals
> which host the client is trying to contact is only available
> in the TLS ClientHello.

Sure, but if the server won't negotiate SSL 2, why is this a problem?
-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/
**  ApacheCon - Dec 10-14th - San Diego - http://apachecon.com/ **
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list