WebApp Sec mailing list archives
Re: SSL Question
From: "Tom Stowell" <jts () deforest k12 wi us>
Date: Mon, 22 Dec 2003 15:38:15 -0600
It should be sent ciphertext, once a session is up and running. Think of SSL as just another link layer. If you have any doubt, use tcpdump or ethereal to watch it happen. Tom Stowell Network Administrator DeForest Area School District 520 E. Holum St. DeForest, WI 53532 Fax: (608)-842-6545 Voice: (608)-842-6500 Email: <jts () deforest k12 wi us>
"bob" <bob () calweb com> 12/22/03 03:23PM >>>
If I send out an https link with authentication information in it, is the initial HTTPS Get command with the tokens sent in the clear or does this happen after the SSL session handshake is established ?
Current thread:
- SSL Question bob (Dec 22)
- Re: SSL Question RSnake (Dec 22)
- <Possible follow-ups>
- Re: SSL Question Tom Stowell (Dec 22)