Re: Handling NULL key exchange for NULL_ ciphersuite

To close out this issue, I propose that the TLS spec forbid
negotiating to NULL_WITH_NULL_NULL. I understand
the argument for testing, but I suspect the risks of this in
practical deployment make it dangerous.

Win Treese

Received on Sunday, 9 February 1997 02:44:22 UTC