[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Vidalia error message with TorBirdy

On 07/04/13 14:02, anonymous coward wrote:
> The Tuber:
>> In SSL, if the client sends a session ID to resume a session, and the
>> server accepts it, no certificate is sent. 
> But this session ID is sent encrypted or checked against a certificate?

The session ID is sent in cleartext. The server (and client) will then
use the session keys associated with the session ID. The idea being that
if the current client is not the same as the original client, it will
not have the session keys to be able to decrypt the traffic. There is no
certificate interaction at all.


The Tuber
tor-talk mailing list