Nelson B wrote: > Please read appendix E.2 of the SSL3 specification and TLS standard. > (It's the same appendix and same text in both documents). > SSL3 spec: http://wp.netscape.com/eng/ssl3/draft302.txt > TLS standard: http://www.rfc-editor.org/rfc/rfc2246.txt Thanks for this interesting link
> But not all SSL2+SSL3 capable servers implement that rollback attack > detection. I'd guess that the server you used is one of those that does > not. Yes I think so ... I tried with a couple of servers but definitly not all servers :) Thanks Kikx Very interesting _______________________________________________ Mozilla-security mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-security
