browser vendors and CAs agreeing on high-assurance certificat es
Ben Laurie
ben at algroup.co.uk
Sat Dec 24 12:38:20 EST 2005
Eric Rescorla wrote:
> Ben Laurie <ben at algroup.co.uk> writes:
>>> And we need SSL v2 to die so it doesn't interfere
>>> with the above.
>> Actually, you just disable it in the server. I don't see why we need
>> anything more than that.
>
> The problem is that the ServerHostName extension that signals
> which host the client is trying to contact is only available
> in the TLS ClientHello.
Sure, but if the server won't negotiate SSL 2, why is this a problem?
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
** ApacheCon - Dec 10-14th - San Diego - http://apachecon.com/ **
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list