M wrote:
> 
> [Perhaps I ought to know this already, but...]
> 
> RFC 2246 says "The differences between [TLS 1.0] and SSL 3.0 are not dramatic, but
> they are significant enough that TLS 1.0 and SSL 3.0 do not interoperate (although
> TLS 1.0 does incorporate a mechanism by which a TLS implementation can back down to
> SSL 3.0)".
>
> To an unpractised eye, not used to the line-by-line collation of long texts, the two
> specifications seem pretty well identical. What *are* the important differences?

The hashes used for secret generation (and perhaps checking message
content, I forget now) are radically different.

Cheers,

Ben.

--
SECURE HOSTING AT THE BUNKER! http://www.thebunker.net/hosting.htm

http://www.apache-ssl.org/ben.html

Y19100 no-prize winner!
http://www.ntk.net/index.cgi?back=2000/now0121.txt
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
