- From: Zhong Yu <zhong.j.yu@gmail.com>
- Date: Wed, 18 Jul 2012 11:03:32 -0500
- To: Mike Belshe <mike@belshe.com>
- Cc: grahame@healthintersections.com.au, "Adrien W. de Croy" <adrien@qbik.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
If TLS is mandated, yet NULL cipher is acceptable, what was the point of mandating TLS in the first place? On Tue, Jul 17, 2012 at 11:24 PM, Mike Belshe <mike@belshe.com> wrote: > > > On Tue, Jul 17, 2012 at 9:20 PM, Grahame Grieve <grahame@kestral.com.au> > wrote: >> > Naw - this is not a big deal. For instance, a server can send a NULL cipher > to the client. In normal modes, browsers will reject the NULL cipher and > not negotiate it. however, you can use command line flags to allow it. > > We do this all the time. Another example is for turning on > same-origin-policy. Browsers often have debugging modes for turning it off. > You have to run the browser in a special, techie, opt-in way to do it, but > it is there. > > I used these all the time when developing in Chrome. > > Mike > > >> >> >> Grahame > >
Received on Wednesday, 18 July 2012 16:04:03 UTC