On Mon, May 22, 2000 at 11:36:42PM +0200, Tim Niemueller wrote:
> Hi mod_ssl users,
>
> I have a question about the behavior of mod_ssl:
>
> Someone connects to a secured website. Let's give it the name
> secured.com. The browsers have no certificate they can provide so they
> must authenticate through basic auth. Now my question: You have to enter
> the auth data if you call the server. Will the first authentication be
> secured by SSL or will there be first the authenticaten and then the SSL
> encryption or will the server first establish the SSL connection and
> then authenticate?
>
This question seems to pop up once every month ... it might even qualify
for a place in the FAQ ;-)
But back to your question: If the url that requests basic auth is on an
SSL protected server, then the username/password will also be protected.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
