WebApp Sec mailing list archives

Re: SSL Question

From: "Tom Stowell" <jts () deforest k12 wi us>
Date: Mon, 22 Dec 2003 15:38:15 -0600

It should be sent ciphertext, once a session is up and running.  Think of SSL as just another link layer.

If you have any doubt, use tcpdump or ethereal to watch it happen.



Tom Stowell
Network Administrator
DeForest Area School District
520 E. Holum St.
DeForest, WI 53532
Fax: (608)-842-6545
Voice: (608)-842-6500
Email: <jts () deforest k12 wi us>

"bob" <bob () calweb com> 12/22/03 03:23PM >>>

If I send out an https link with authentication information
in it, is the initial HTTPS Get command with the tokens sent
in the clear or does this happen after the SSL session
handshake is established ?

Current thread:

SSL Question bob (Dec 22)
- Re: SSL Question RSnake (Dec 22)
- <Possible follow-ups>
- Re: SSL Question Tom Stowell (Dec 22)