Does anyone have a pointer to why the session ID in SSLV3 is in the clear, rather than encrypted? I'm sure there's a good reason for it (audit? logging? other...?) but I'm trying to pin down exactly why it was done that way. Can anyone point me in the right direction? mjr. -- Marcus J. Ranum, CEO, Network Flight Recorder, Inc. work - http://www.nfr.net home - http://www.clark.net/pub/mjr
- Re: Clear Session ID in SSLV3 Marcus J. Ranum
- Re: Clear Session ID in SSLV3 Eric Young
- Re: Clear Session ID in SSLV3 Ben Laurie
- Re: Clear Session ID in SSLV3 Tom Weinstein
