mailing list archives
SSL over http instead of https
From: winsoc <winsoc () googlemail com>
Date: Mon, 7 Apr 2008 20:26:33 +0100
I recently reviewed a web hosting provider, and made the assumption that due
to them not having https that they were not running SSL on their login
screens- therefore exposing credentials in cleartext.
However after reviewing the packets it became apparent that when you entered
the credentials, there was in fact a ssl handshake and the data was in fact
encrypted via sslv3.
Is there any logical reasoning for this- it would appear they use a IIS
webserver for this purpose.
- SSL over http instead of https winsoc (Apr 07)