>
> Can I send data to a client via normal send() call before I call =
> SSL_Accept? I would like to send a message to my client that identifies =
> the server and it's options, like if SSL is being used or not? Will this =
> mess up the SSL handshake ?
>
You will need to ensure that you synchronize the peers and clear the
data channel prior to beginning the SSL/TLS handshake.
There is a security concern that you must be aware of. Since
everything that is being sent over the wire prior to the use of
SSL/TLS is in plaintext, it can be tampered with. Therefore, you
can't trust its contents. You absolutely should not use the contents
of the plaintext data to determine if you should negotiate SSL/TLS.
Jeffrey Altman * Sr.Software Designer
The Kermit Project * Columbia University
612 West 115th St * New York, NY * 10025 * USA
http://www.kermit-project.org/ * [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
