On Thu, Jul 01, 1999 at 05:47:42PM +0200, Pierre De Boeck wrote: > I have noticed that the SSL_OP_NETSCAPE_CA_DN_BUG option > enables to modify slightly the DER-encoding of the CA's DNs > that a TLS server sends to a client during the > SSL3_ST_SW_CERT_REQ_A/B phase of the handshake. > > I suppose that it is for some NS Communicator versions but > how can the server detect that the client is > Netscape or IE at the handshake-time, namely before any > application traffic (HTTP in that case) is sent. You can't. What you can do if compatibilty is more important than performance is first let the client connect without verification and then do renegotiation. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
