author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-07-21 17:44:11 +0300 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-07-23 14:12:04 +0200 |
commit | 6e2c6ca7f3f4b6b5dd0859aa67aa640bbc966f05 (patch) | |
tree | c2166084b878bd6e7e4df75230f4d0d761e992b0 | |
parent | 81e8620a3411519510750b30bb460987bce35b7f (diff) | |
download | gnutls-6e2c6ca7f3f4b6b5dd0859aa67aa640bbc966f05.tar.gz |
Updates in upward negotiation section.
-rw-r--r-- | doc/cha-tls-app.texi | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/doc/cha-tls-app.texi b/doc/cha-tls-app.texi index 5b47067db2..93445227b2 100644 --- a/doc/cha-tls-app.texi +++ b/doc/cha-tls-app.texi @@ -46,12 +46,9 @@ different approach to enable the secure layer. They use something called the ``TLS upgrade'' method. This method is quite tricky but it is more flexible. The idea is to extend the application protocol to have a ``STARTTLS'' request, whose purpose it to start the TLS -protocols just after the client requests it. This is a really neat -idea and does not require an extra port. - -This method is used by almost all modern protocols and there is even -the @xcite{RFC2817} paper which proposes extensions to HTTP to support -it. +protocols just after the client requests it. This approach +does not require an extra port and is used by almost all modern protocols. +There is even an extension to HTTP protocol to support that method @xcite{RFC2817}. The tricky part, in this method, is that the ``STARTTLS'' request is sent in the clear, thus is vulnerable to modifications. A typical |
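Review bot: The added sentence "There is even an extension to HTTP protocol to support that method @xcite{RFC2817}." is missing an article; it should read "an extension to the HTTP protocol". The citation would also sit more naturally directly after the thing it cites, for example "an extension to the HTTP protocol @xcite{RFC2817} to support that method". The sentence this hunk rewraps still carries a typo in its unchanged context line, "whose purpose it to start the TLS", where "it" should be "is"; since the following line is already being rewritten, that is worth fixing in the same change.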