Re: verify HTTPS 'vulnerabilities'

From: Michael Sierchio (ducatista@camber-thrust.net)
Date: Tue Jul 26 2005 - 17:23:50 EDT


In addition to the cogent comments of others, I suggest you
assure that you cannot establish an SSL 2.0 connection -- the
protocol has vulnerabilities which are exploitable, and most
browsers and some servers still support this version. Only
TLS 1.0 or SSL 3.0 should be used.

The server handshake provides a list of DNs of trusted
signers; that's something to look at since it has an
impact on client auth.

You should determine if a client can downgrade the security
to a degree to which the communication cannot be considered
adequately secured or private.
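An added example, not from the original post, of the first check the message recommends: it builds an SSL 2.0 CLIENT-HELLO, classifies the server's first reply (SSLv2 SERVER-HELLO, TLS alert, or nothing), and is exercised on constructed sample replies; the host and port passed to probe() are assumptions for a server you administer.

```python
import socket
import struct

# SSLv2 cipher-kind codes from the SSL 2.0 draft spec, 3 bytes each.
SSL2_CIPHER_KINDS = {
    b"\x01\x00\x80": "SSL_CK_RC4_128_WITH_MD5",
    b"\x02\x00\x80": "SSL_CK_RC4_128_EXPORT40_WITH_MD5",
    b"\x03\x00\x80": "SSL_CK_RC2_128_CBC_WITH_MD5",
    b"\x04\x00\x80": "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
    b"\x05\x00\x80": "SSL_CK_IDEA_128_CBC_WITH_MD5",
    b"\x06\x00\x40": "SSL_CK_DES_64_CBC_WITH_MD5",
    b"\x07\x00\xc0": "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
}


def build_ssl2_client_hello(challenge: bytes = b"\x00" * 16) -> bytes:
    """SSLv2 CLIENT-HELLO: 2-byte record header (high bit set = no padding),
    msg-type 1, version 0x0002, cipher/session-id/challenge lengths, ciphers, challenge."""
    ciphers = b"".join(SSL2_CIPHER_KINDS)
    body = struct.pack("!BHHHH", 1, 2, len(ciphers), 0, len(challenge)) + ciphers + challenge
    return struct.pack("!H", 0x8000 | len(body)) + body


def classify_response(data: bytes) -> dict:
    """Decide from the server's first bytes whether it accepted SSL 2.0."""
    if not data:
        return {"ssl2": False, "reason": "connection closed without reply"}
    if data[0] == 0x15 and len(data) >= 7:  # TLS alert record: a TLS-only server refusing us
        return {"ssl2": False, "reason": f"TLS alert, description {data[6]}"}
    if data[0] & 0x80 and len(data) >= 13 and data[2] == 0x04:  # SSLv2 SERVER-HELLO
        version, cert_len, ciph_len, _ = struct.unpack("!HHHH", data[5:13])
        if version == 2:
            start = 13 + cert_len  # certificate precedes the server's cipher list
            raw = data[start:start + ciph_len]
            names = [SSL2_CIPHER_KINDS.get(raw[i:i + 3], raw[i:i + 3].hex()) for i in range(0, len(raw), 3)]
            return {"ssl2": True, "reason": "SSLv2 SERVER-HELLO", "ciphers": names}
    return {"ssl2": False, "reason": "unrecognised reply"}


def probe(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Send the CLIENT-HELLO to a server you administer and classify its reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_ssl2_client_hello())
        try:
            return classify_response(s.recv(4096))
        except (socket.timeout, ConnectionResetError):
            return {"ssl2": False, "reason": "no reply (reset or timeout)"}


# Constructed sample replies, not captured from any real server.
SAMPLE_TLS_ALERT = bytes.fromhex("15030100020246")  # fatal protocol_version alert
_cert, _ciphers, _conn = b"\x30\x03\x02\x01\x05", b"\x01\x00\x80\x07\x00\xc0", b"\xaa" * 16
_body = struct.pack("!BBBHHHH", 4, 0, 1, 2, len(_cert), len(_ciphers), len(_conn)) + _cert + _ciphers + _conn
SAMPLE_SSL2_SERVER_HELLO = struct.pack("!H", 0x8000 | len(_body)) + _body
```

A result with `ssl2` true, and any export-grade kinds in `ciphers`, means the server still negotiates the protocol the post says to rule out.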



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:38 EDT