WebApp Sec mailing list archives
SSL and replay attacks
From: Ajay <abra9823 () mail usyd edu au>
Date: Thu, 7 Oct 2004 13:12:23 +1000
hi! i have a client-server application, where clients download data from the webserver over SSL. the data downloaded is signed. do i need to include a nonce in the signature to prevent replay attacks? I am thinking that since the exchange is over SSL, an attacker would not be able to obtain the signed data in order to replay it. thanks cheers ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
Current thread:
- SSL and replay attacks Ajay (Oct 07)