lotus



previous page: 3.5) Do you have any information on sftp?
  
page up: Secure Sockets Layer Discussion List FAQ
  
next page: 4.2) Isn't encrypt-only SSL open to "man-in-the-middle" attacks?

4.1) Does SSL protect users from replay attack by eavesdroppers or message interceptors?




Description

This article is from the Secure Sockets Layer Discussion List FAQ, by Shannon Appel SAppel@consensus.com with numerous contributions by others.

4.1) Does SSL protect users from replay attack by eavesdroppers or message interceptors?

Yes. The client and the server each provide part of the random data
used to generate the keys for a connection. (The random portions of
the connection that initiate a session, drawn from both the client
and the server, are used to generate the master secret associated
with that session.) Additionally, each record is protected with a
MAC (Message Authentication Code) that contains a sequence number for
the message.

 

Continue to:













TOP
previous page: 3.5) Do you have any information on sftp?
  
page up: Secure Sockets Layer Discussion List FAQ
  
next page: 4.2) Isn't encrypt-only SSL open to "man-in-the-middle" attacks?