That is impossible. If you can't secure your Win9x client then you can
never ever establish any kind of secure communication from that client.
Security has to begin at the end points.
After you secure the client's cerificate store you then use those
certificates to secure the communication.
Amanda.
On Thu, 26 Oct 2000, Darío Mariani wrote:
> I'm still learning SSL. I still do no understand how does or if
> SSL/TSL prevents from a "man in the middle" attack. If the certificates
> are good, no problem. But, how does a client, or what must I do for a
> client to check the validity of a certificate, even a signed one from a
> trusted CA?
> My problem is this: I'm developing a client-server application (not
> web based), the clients will be in computers with Win9x, and for
> simplicity, the users won't know to wich server they are connecting to
> (they do not need to). I could have the server certificate and the
> server address in files in the client computer, but as Win9x security
> does not exist, nothing prevents someone from replacing these file for
> another server.
> I would apreciate any coments, thanks.
