RE: [Simpleweb-Support] [newbie] SSL Handshake
Brought to you by:
niallg
Menu
▾
▴
RE: [Simpleweb-Support] [newbie] SSL Handshake
|
From: Niall G. <nia...@an...> - 2004-04-29 09:08:52
|
Hi > I have read mamba (http://mambaweb.sourceforge.net) source if I am not > mistaken (please correct me if I am wrong) it only use server > authentication so that the client can verify that the site is who and > what it claims to be. This is true, the SSL/TLS protocol however requires an exchange of keys so the client application must provide its public key. How it provides this key and/or certifies itself is a client specific question. Try looking at the JSSE documentation at http://java.sun.com/products/jsse/. However, I think that client certificates are not really that important. If you think the client might be bogus then use HTTP authentication over SSL to authenticate your users, this is much easier and is supported in the Simple API. Niall |
