On 12/14/06, Martin Heiden <martin.heiden@(protected):

> It's pretty valid!


I don't think so.Just checked out the TLS rfc and found this (TLS ver. 1.0):

These goals are achieved by the handshake protocol, which can be
 summarized as follows: The client sends a client hello message to
 which the server must respond with a server hello message, or else a
 fatal error will occur and the connection will fail. The client hello
 and server hello are used to establish security enhancement
 capabilities between client and server. The client hello and server
 hello establish the following attributes: Protocol Version, Session
 ID, Cipher Suite, and Compression Method. Additionally, two random
 values are generated and exchanged: ClientHello.random and
 ServerHello.random.

As i see this if the client does not sends a hello message then server
should drop the
connection .So,if i am pointing my browser to ssl port using http scheme
,the connection
should be dropped.
I think that most (non-java at least) servers works this way just try to
telnet to ssl port of
say gmail ,you get nothing.
I of course could be wrong,and that is for developers to decide .However
what i am
looking to be sure of, is that the strange bits are actually the server
hello and not
a bug/not cleaned buffer/security problem.
However ,if i understand correctly you can reproduce my results?
Is that right ?Do you use the same version of tomcat ?JVM?
Thanks for response.
Evgeny.


> regards
>
> Martin.
>
>
>
>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@(protected)
> To unsubscribe, e-mail: users-unsubscribe@(protected)
> For additional commands, e-mail: users-help@(protected)
>
>