> On Fri, Dec 30, 2005, Kyle Hamilton wrote:
>
> Yes, you start with an unauthenticated ciphersuite (for example anon-DH) and
> then renegotiate the session. The initial handshake is sent in the clear, the
> second one would use the existing ciphersuite.
>
> That won't thwart a man in the middle attack on the initial anon-DH session
> though which would reveal the second handshake data.

You usually make more sense than this. You start out saying "yes", and then present a way that doesn't do what he asked at all.

DS
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]