As for Telnet over SSL, which are you implementing:
. Tim Hudson's hack (AUTH SSL)
. The IETF's START_TLS
?
Tim Hudson's hack does not prevent man in the middle attacks and
requires that user's submit their passwords to the server (which may
or may not have been compromised.) The START_TLS protocol is the
preferred method to implement.
I have a START_TLS implementation and would love to help you with
things if only I could. But as a U.S. citizen ....
Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
The Kermit Project * Columbia University
612 West 115th St #716 * New York, NY * 10025
http://www.kermit-project.org/k95.html * [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
