
RE: [iaik-ssl] Encrypted Client Certificate?



the client certificate is carried in a certificate handshake protocol
message. the handshake protocol is layered on top of the record layer.  the
record layer operates according to the current active session state.  the
session state contains the cipher spec. so whether handshake messages are
encrypted or not depends on the current cipher spec. during the initial
connection handshake messages are not encrypted but during subsequent
handshakes they are encrypted using the cipher that was negotiated during
the initial handshake, which might be ssl-null-with-null-null but should
probably be something that actually encrypts and macs the traffic.

unless you are worried about people being able to see the elements of your
certificate, e.g. what your distinguished name is, there is no need to
encrypt certificates.

> -----Original Message-----
> From: Tommy Hellström [mailto:tommy.h@eldean.se]
> Sent: Friday, April 07, 2000 9:28 AM
> To: iaik-ssl@iaik.tu-graz.ac.at
> Subject: Re: [iaik-ssl] Encrypted Client Certificate?
> 
> 
> Hi Tomas,
> 
> The client certificate is sent unencrypted after the server 
> has sent a certificate request message.
> See sections 5.6.2 and 5.6.6 in "The SSL Protocol Version 3.0"
> (http://www.netscape.com/eng/ssl3/draft302.txt) for more information.
> 
> Hope this helped,
> /Tommy
> 
> thomas.ernst@canoo.com wrote:
> 
> > Hello,
> >
> > can one of you SSL gurus tell me whether the client certificate is sent
> > in plain text or encrypted to the server (in SSL with client
> > authentication, of course). I couldn't find any SSL docs about this.
> >
> > Thanks a lot
> >
> > Thomas
> >
> > --
> > Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html
> >
> > To unsubscribe send an email to listserv@iaik.at with the following content: UNSUBSCRIBE iaik-ssl
> >
> 
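
Added example, not part of the original thread and not IAIK code: Python that walks one sender's SSLv3/TLS records and reports which handshake messages, the certificate message included, are readable before change_cipher_spec and which are sent under the negotiated cipher spec afterwards. The function names and the sample byte strings are constructed for illustration; the parser assumes the stream begins at connection setup.

```python
import struct

CHANGE_CIPHER_SPEC, HANDSHAKE = 20, 22   # record-layer content types
HS_NAMES = {1: "client_hello", 11: "certificate", 15: "certificate_verify",
            16: "client_key_exchange", 20: "finished"}

def records(stream):
    """Yield (content_type, fragment) for each record in one direction."""
    pos = 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        ctype, _maj, _min, length = struct.unpack_from("!BBBH", stream, pos)
        frag = stream[pos + 5:pos + 5 + length]
        if len(frag) != length:
            raise ValueError("truncated record body")
        yield ctype, frag
        pos += 5 + length

def handshake_visibility(stream):
    """List (message, under_negotiated_cipher) for one sender's records.

    Assumes the stream starts at connection setup, where the cipher spec is
    null. After change_cipher_spec the fragments are opaque to this parser;
    they are only really confidential if the negotiated cipher encrypts.
    """
    switched, pending, seen = False, b"", []
    for ctype, frag in records(stream):
        if ctype == CHANGE_CIPHER_SPEC:
            switched = True          # negotiated cipher spec is now current
        elif ctype == HANDSHAKE and switched:
            seen.append(("opaque_handshake", True))
        elif ctype == HANDSHAKE:
            pending += frag          # messages may share or span records
            while len(pending) >= 4:
                mlen = int.from_bytes(pending[1:4], "big")
                if len(pending) < 4 + mlen:
                    break
                seen.append((HS_NAMES.get(pending[0], f"type_{pending[0]}"), False))
                pending = pending[4 + mlen:]
    return seen

def certificate_in_clear(stream):
    """True if a certificate message was sent before change_cipher_spec."""
    return ("certificate", False) in handshake_visibility(stream)

# Constructed sample bytes (not a real capture): client side of two connections.
def _rec(ctype, payload): return struct.pack("!BBBH", ctype, 3, 0, len(payload)) + payload
def _hs(mtype, body): return bytes([mtype]) + len(body).to_bytes(3, "big") + body

INITIAL_WITH_CERT = (_rec(22, _hs(1, b"\0" * 8)) + _rec(22, _hs(11, b"DER") + _hs(16, b"\0" * 4))
                     + _rec(20, b"\x01") + _rec(22, b"\xaa" * 40))
CERT_ON_RENEGOTIATION = (_rec(22, _hs(1, b"\0" * 8)) + _rec(22, _hs(16, b"\0" * 4))
                         + _rec(20, b"\x01") + _rec(22, b"\xaa" * 40) + _rec(22, b"\xbb" * 90))
```
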