RE: [iaik-ssl] Encrypted Client Certificate?
the client certificate is carried in a certificate handshake protocol
message. the handshake protocol is layered on top of the record layer. the
record layer operates according to the current active session state. the
session state contains the cipher spec. so whether handshake messages are
encrypted or not depends on the current cipher spec. during the initial
connection handshake messages are not encrypted but during subsequent
handshakes they are encrypted using the cipher that was negotiated during
the initial handshake, which might be ssl-null-with-null-null but should
probably be something that actually encrypts and macs the traffic.
unless you are worried about people being able to see the elements of your
certificate, e.g. what your distinguished name is, there is no need to
> -----Original Message-----
> From: Tommy Hellström [mailto:email@example.com]
> Sent: Friday, April 07, 2000 9:28 AM
> To: firstname.lastname@example.org
> Subject: Re: [iaik-ssl] Encrypted Client Certificate?
> Hi Tomas,
> The client certificate is sent unencrypted after the server
> has sent a certificate request message.
> See section 5.6.2 and 5.6.6 in "The SSL Protocol Version 3.0" ;
> (http://www.netscape.com/eng/ssl3/draft302.txt) for more information.
> Hope this helped,
> email@example.com wrote:
> > Hello,
> > can one of you SSL gurus tell me whether the client certificate is sent
> > in plain text or encrypted to the server (in SSL with client
> > authentication, of course). I couldn't find any SSL docs about this.
> > Thanks a lot
> > Thomas
> > --
> > Mailinglist-archive at
> > To unsubscribe send an email to firstname.lastname@example.org with the following content: UNSUBSCRIBE iaik-ssl
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html
To unsubscribe send an email to firstname.lastname@example.org with the following content: UNSUBSCRIBE iaik-ssl
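
The reply's point, that what an eavesdropper can read depends on the cipher spec active when the Certificate message crosses the record layer, as an added Python example that is not part of the original thread. It walks the SSL 3.0 record headers of one direction of a connection; the sample bytes are constructed, every handshake message is assumed to fit in one record, and the negotiated suite is assumed to encrypt.

```python
import struct

HANDSHAKE, CHANGE_CIPHER_SPEC = 22, 20
NAMES = {1: "client_hello", 11: "certificate", 15: "certificate_verify",
         16: "client_key_exchange", 20: "finished"}

def observe(stream, cipher_active=False):
    """List what a passive observer can read from one direction of a stream.

    cipher_active=False: initial connection, records start under the null spec.
    cipher_active=True: later handshake on a session whose spec encrypts.
    """
    seen, pos = [], 0
    while pos + 5 <= len(stream):
        ctype, _maj, _min, length = struct.unpack_from("!BBBH", stream, pos)
        fragment = stream[pos + 5:pos + 5 + length]
        if len(fragment) < length:
            raise ValueError("truncated record")
        pos += 5 + length
        if cipher_active:
            # Record header stays readable; the message inside does not.
            seen.append(f"encrypted(content_type={ctype})")
        elif ctype == CHANGE_CIPHER_SPEC:
            seen.append("change_cipher_spec")
            cipher_active = True  # assumption: negotiated suite encrypts
        elif ctype == HANDSHAKE:
            off = 0
            while off + 4 <= len(fragment):
                mlen = int.from_bytes(fragment[off + 1:off + 4], "big")
                seen.append(NAMES.get(fragment[off], f"handshake_{fragment[off]}"))
                off += 4 + mlen
        else:
            seen.append(f"record_{ctype}")
    return seen

def certificate_exposed(stream, cipher_active=False):
    return "certificate" in observe(stream, cipher_active)

def record(ctype, payload):  # SSL 3.0 record header: type, version 3.0, length
    return struct.pack("!BBBH", ctype, 3, 0, len(payload)) + payload

def hs(mtype, body):  # handshake header: type, 24-bit length
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

# Constructed client-to-server bytes; bodies are placeholders, not real data.
SAMPLE = (record(22, hs(1, b"hello"))
          + record(22, hs(11, b"CLIENT-CERT-DER") + hs(16, b"kx") + hs(15, b"sig"))
          + record(20, b"\x01")
          + record(22, b"\x9f" * 40))  # stands in for the encrypted Finished
```

Calling `observe(SAMPLE)` models the initial connection, and `observe(SAMPLE, cipher_active=True)` models a later handshake on an established session, where only the record headers are inspected.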