On 12/14/06, Martin Heiden <[EMAIL PROTECTED]> wrote:
It's pretty valid!
I don't think so.Just checked out the TLS rfc and found this (TLS ver. 1.0): These goals are achieved by the handshake protocol, which can be summarized as follows: The client sends a client hello message to which the server must respond with a server hello message, or else a fatal error will occur and the connection will fail. The client hello and server hello are used to establish security enhancement capabilities between client and server. The client hello and server hello establish the following attributes: Protocol Version, Session ID, Cipher Suite, and Compression Method. Additionally, two random values are generated and exchanged: ClientHello.random and ServerHello.random. As i see this if the client does not sends a hello message then server should drop the connection .So,if i am pointing my browser to ssl port using http scheme ,the connection should be dropped. I think that most (non-java at least) servers works this way just try to telnet to ssl port of say gmail ,you get nothing. I of course could be wrong,and that is for developers to decide .However what i am looking to be sure of, is that the strange bits are actually the server hello and not a bug/not cleaned buffer/security problem. However ,if i understand correctly you can reproduce my results? Is that right ?Do you use the same version of tomcat ?JVM? Thanks for response. Evgeny.
regards Martin. --------------------------------------------------------------------- To start a new topic, e-mail: [email protected] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
