[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] self issue of certificates

Subject: Re: [cobalt-security] self issue of certificates
From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
Date: Fri, 01 Mar 2002 10:07:40 -0800
Organization: nobaloney.net
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Jelmer Jellema wrote:

> By the way. I read something about the auth part of the https connection
> starting *before* the ssl-encryption was established, thush sending the
> apache auth password unencrypted, only to start encrypting right after?
> Maybe I misunderstood? (hope so).

Cobalt assures me the encrypted session is started before the password
is sent; but the browser doesn't update until after the login window
goes away.

This looks to be true but I haven't done anything to "prove" it.

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net
P. O. Box 52672, Riverside, CA  92517
voice: (909) 778-9980  *  fax: (702) 548-9484

References:
- [cobalt-security] self issue of certificates
  - From: duncan gray
- Re: [cobalt-security] self issue of certificates
  - From: Jelmer Jellema

Prev by Date: Re: [cobalt-security] Securing Admin Pages
Next by Date: Re: [cobalt-security] Best way to check email securely?
Previous by thread: Re: [cobalt-security] self issue of certificates
Next by thread: [cobalt-security] Updated RPMS for proftpd, imapd and qpopper

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index