Re: Test internet servers with SSL client authentication

From: Eugene Mayevski (mayevski_at_eldos.org)
Date: 03/26/05


Date: Sat, 26 Mar 2005 22:00:26 +0200

Hello!
You wrote on Sat, 26 Mar 2005 13:35:42 -0500:

 MG> So can you point me to that but report? or info related to that?

The problem is related to fragmentation of certain SSL packets. I.e. if the
call to receive() doesn't get the whole SSL packet (this can happen due to
various reasons) then IIS fails. I.e. someone very smart didn't know that
TCP is stream-oriented protocol... We had to do certain things to prevent
such situation. I must say that Java servers have the same problem.

 MG> SURELY there are some public web sites running SSL 3 with client
 MG> certificate authentication??

If you want your certificate to be validated and SSL session to be
successfully established, then this is unlikely because the purpose of
client authentication is not just to verify the integrity certificate, but
to check the owner against some list (of people, allowed to use the
resource).

On the other hand, if you need just *some* SSL server, I can you can build
one easily with SecureBlackbox.NET (http://www.eldos.com/sbb/desc-ssl.php),
trial version will be enough. It supports client-side authentication.

With best regards,
Eugene Mayevski



Relevant Pages