[thelist] https question

Aleem Bawany aleem.bawany at utoronto.ca
Fri Jan 10 16:53:01 CST 2003


> Just to clear this up:
>
> Sending form data to a secure page from *any* page:
>
> 1. Client initiates HTTP connection on port 443 (or
>    whatever is defined for SSL over HTTP)
> 2. Server responds, and the encryption level is negotiated.
>    Server sends client certificate to client.
> 3. Client uses the certificate to encrypt the REQUEST, and
>    this is then sent to server.
> 4. Server uses certificate to decrypt the REQUEST, and
>    process.
> 5. Server encrypts RESPONSE, and sends to client.
> 6. Client decrypts RESPONSE, and displays.
> 7. Connection is closed.
>
> Forget querystrings and stateful connections. There is no
> querystring, no form data, nothing, until *after* an HTTP
> connection has been successfully negotiated and
> encryption is in place.

That explains things a bit better. It's step 3 I couldn't
overcome earlier - the fact that the client doesn't send
the data until receiving the certificate but all doubt is
gone now.

thanks,
aleem

[ http://members.evolt.org/aleem/ ]
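The point made in the quoted explanation, that no query string or form data leaves the client until the connection is negotiated and encryption is in place, shown as an added example that is not part of the original thread. The host name `example.test`, the request, and the names `tap` and `Exchange` are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

type tap struct { // wraps the client's socket and records every byte written to the wire
	net.Conn
	wire bytes.Buffer
}
func (t *tap) Write(p []byte) (int, error) { t.wire.Write(p); return t.Conn.Write(p) }
// Exchange returns bytes sent before req (hs), all bytes sent (wire), and the server's decrypted view (seen).
func Exchange(req string) (hs int, wire []byte, seen string, err error) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // throwaway self-signed server cert
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"example.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	leaf, _ := x509.ParseCertificate(der)
	roots := x509.NewCertPool()
	roots.AddCert(leaf)
	c, s := net.Pipe() // in-memory, unbuffered socket pair; TLS 1.2 is pinned below to keep it in lockstep
	defer c.Close()
	got := make(chan string, 1)
	go func() { // server side: the handshake completes inside its first Read
		buf := make([]byte, 4096)
		n, _ := tls.Server(s, &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}).Read(buf)
		got <- string(buf[:n])
	}()
	t := &tap{Conn: c}
	cli := tls.Client(t, &tls.Config{RootCAs: roots, ServerName: "example.test", MaxVersion: tls.VersionTLS12})
	if err = cli.Handshake(); err != nil {
		return
	}
	hs = t.wire.Len() // handshake bytes only: req has not been written yet
	_, err = cli.Write([]byte(req))
	return hs, t.wire.Bytes(), <-got, err
}
func main() {
	hs, wire, seen, err := Exchange("POST /pay HTTP/1.0\r\n\r\ncard=constructed-4111")
	fmt.Printf("handshake=%dB leaked=%v server=%q err=%v\n", hs, bytes.Contains(wire, []byte("card=")), seen, err)
}
```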



