On Tue, 5 Aug 2003, Bartel, Lawrence wrote: > > I would like to know if the authentification i.e. : wget > > https://user:[EMAIL PROTECTED] is send clearly to the https server, or if wget deal > > with it as a proper https clien, ie: it send the user/pwd in a ecrypt way.
> According to http://www.gnu.org/manual/wget/html_mono/wget.html#SEC49 they > are not encrypted. That is just plain wrong. When using SSL, the client connects and does an SSL handshake before any actual HTTP authentication has been sent to the server. Thus, if the SSL handshake is successful, the HTTP authentication credentials will be sent to the server encrypted over the SSL connection. -- Daniel Stenberg - http://daniel.haxx.se - +46-705-44 31 77 ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol
