> On Fri, Dec 30, 2005, Kyle Hamilton wrote:

> Yes, you start with an unauthenticated ciphersuite (for example anon-DH) and
> then renegotiate the session. The initial handshake is sent in the clear, the
> second one would use the existing ciphersuite.
>
> That won't thwart a man in the middle attack on the initial anon-DH session
> though which would reveal the second handshake data.

        You usually make more sense than this. You start out saying "yes", and then
present a way that doesn't do what he asked at all.

        DS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
