[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [iaik-ssl]cu|| Is my session protected when I use HTTPS protocol?



Hi,

as long as you use a SSL ciphersuite that encrypts the data 
_everything_ you send via this connection is encrypted. SSL 
per se does not know anything about the protocol (for example 
HTTP) used on top of it, so it just processes everything.

Best regards,
Ronny

-- 
+----------------------------------+---------------------------------+
| Ronny Schuetz                    | Phone    : +49-7031-468-2138    |
| Hewlett-Packard GmbH             | Fax      : +49-7031-468-2221    |
| Boeblingen / Germany             | Telnet   : 701-2138             |
|                                  | Homeoff. : +49-7031-412181      |
| Enterprise Integration Services  | email    : ronny_schuetz@hp.com |
+----------------------------------+---------------------------------+



> -----Original Message-----
> From: Luca Ventura [mailto:luca_vent@virgilio.it] 
> Sent: Friday, 06 September, 2002 16:36
> To: iaik-ssl; iaik-jce
> Subject: [iaik-ssl]cu|| Is my session protected when I use 
> HTTPS protocol?
> 
> 
> Hello everybody!
> 
> I have a doubt: is all the information I store in my session  
> protected when I use SSL or HTTPS protocol to send data? I 
> mean...if I put important information in the user's session 
> (such as the passwords and the credit card's nummbers) am I 
> sure they are crypted together with all other data I send? Or 
> in any case the information I put in the user's session is 
> sent in clear text?
> 
> I hope someone can help me on this topic.
> 
> Thanks in advance!
> 
>                    Luca
> 
> --
> Mailinglist-archive at 
> http://jcewww.iaik.at/mailarchive/iaik-> ssl/sslthreads.html
> 
> 
> To unsubscribe send an email to 
> listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-ssl
>  
> 
--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-ssl