OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-transport message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: Latest packaging spec...

I believe Terry is correct. Looking at page 31 in RFC 2246, the TLS spec (which is very similar to SSL), the TLS handshake occurs before the HTTP protocol is invoked. Once the endpoints complete the TLS handshake all data between points is encrypted, including HTTP headers.
At least that's my interpretation.
Dick Brooks
-----Original Message-----
From: Terry Harding [mailto:tharding@cyclonecommerce.com]
Sent: Tuesday, April 25, 2000 7:07 PM
To: Prasad Yendluri; Dick Brooks
Cc: Ebxml
Subject: Re: Latest packaging spec...

    1. When SSL is used,  if I am correct the HTTP POST / GET related headers are not protected by SSL. Only the content is.
Actually once a SSL session has been established between two tcp/ip points.  Everything sent
between the two points is encrypted, even the http headers....
Terry Harding
Security/Interoperability Testing
Cyclone Commerce Inc.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Search: Match: Sort by:
Words: | Help

Powered by eList eXpress LLC