WebApp Sec mailing list archives
Re: SSL Question
From: RSnake <rsnake () shocking com>
Date: Mon, 22 Dec 2003 13:50:33 -0800 (PST)
Once again, here is the transactional model:

Client hello                        ->
                                    <- Server hello
                                    <- Server certificate
                                    <- serverHelloDone
ClientKeyExchange E(Kserv, PK)      ->
ChangeCipherSpec                    ->
FIN Handshake (MAC)                 ->
                                    <- ChangeCipherSpec
                                    <- FIN Handshake (MAC)
Application_data HTTP request       ->
  (GET /?data HTTP/1.0\n\n)
                                    <- Application_data HTTP response
                                       (HTTP/1.1 200 OK\n...)
Alert : close_notify                ->
                                    <- Alert : close_notify

On Mon, 22 Dec 2003, bob wrote:

| Date: Mon, 22 Dec 2003 13:23:17 -0800
| From: bob <bob () calweb com>
| To: webappsec () securityfocus com
| Subject: SSL Question
|
| If I send out an https link with authentication information
| in it, is the initial HTTPS Get command with the tokens sent
| in the clear or does this happen after the SSL session
| handshake is established?
|

-R

The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is expressly prohibited and may be unlawful.
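The ordering in the model above can be checked on a captured byte stream by reading the record-layer headers. The following is an added example, not part of the original message: it parses records and confirms that no application_data record (the HTTP GET) is sent before the sender's ChangeCipherSpec. It assumes the SSL 3.0 / TLS 1.0 to 1.2 record layer; the helper names and the sample stream are constructed for illustration.

```python
import struct

# Record-layer content types for SSL 3.0 / TLS 1.0-1.2
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

def parse_records(stream: bytes):
    """Split one direction of a connection into (type_name, version, payload)."""
    records, off = [], 0
    while off < len(stream):
        if len(stream) - off < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, off)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        payload = stream[off + 5: off + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated record payload")
        records.append((CONTENT_TYPES[ctype], (major, minor), payload))
        off += 5 + length
    return records

def app_data_only_after_ccs(records):
    """True if every application_data record follows a change_cipher_spec
    from the same sender, i.e. no HTTP bytes precede the cipher switch."""
    seen_ccs = False
    for name, _version, _payload in records:
        if name == "change_cipher_spec":
            seen_ccs = True
        elif name == "application_data" and not seen_ccs:
            return False
    return True

def record(ctype, payload, version=(3, 1)):
    """Hypothetical helper: build one record (5-byte header + payload)."""
    return struct.pack("!BBBH", ctype, *version, len(payload)) + payload

# Constructed client-to-server stream in the order the message gives.
# Payloads are placeholder bytes, not real handshake messages or ciphertext.
CLIENT_STREAM = b"".join([
    record(22, b"\x01" + b"\x00" * 8),  # Client hello
    record(22, b"\x10" + b"\x00" * 8),  # ClientKeyExchange
    record(20, b"\x01"),                # ChangeCipherSpec
    record(22, b"\xaa" * 16),           # Finished, already encrypted
    record(23, b"\xbb" * 32),           # Application_data: the HTTP GET
    record(21, b"\xcc" * 18),           # Alert: close_notify
])
```

Run each direction of a capture through parse_records separately, since ChangeCipherSpec switches the cipher state per sender.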