WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: encryption over the web

From: "Pawel Jablonski" <gorion () hacking pl>
Date: Mon, 14 Jun 2004 19:39:55 +0200

Hi there,

Secure Sockets Layer (SSL) is a protocol is designed to support a range of
choices for specific algorithms used for cryptography, digests, and
signatures. This feature allows a server to pass a server certificate along
with issuer certificates to the browser. Chain loading also permits the
browser to validate the server certificate, even if Certificate Authority
certificates are not installed for the intermediate issuers, since they are
included in the certificate chain. SSL 3.0 is the basis for the Transport
Layer Security TLS protocol standard, currently in development by the
Internet Engineering Task Force (IETF). There's also Securing HTTP
Connection, the secure version in mainly plain HTTP over SSL (named HTTPS
using port 443), this mainly is what mod_ssl provides. It's highly
recommended to use these, but as big as I know them, I doubt there's a big
need of additional options to think of.

Greets,
Pawel "gorion" Jablonski


----- Original Message -----
From: "OPTUSBYS" <bysoo1 () optusnet com au>
To: <webappsec () securityfocus com>
Sent: Monday, June 14, 2004 9:48 AM
Subject: encryption over the web



Hi there,

If I were to enable encryption security for authorized people to access my
web page, how many implementation options there are available?

Is SSL the only option to think of?

Thank you.


Regards,
Seeker
Previous By Date Next
Previous By Thread Next

Current thread: