[tor-talk] Vidalia error message with TorBirdy
The Tuber
thetuber at gmail.com
Sat Jul 6 17:09:31 UTC 2013
On 07/04/13 14:02, anonymous coward wrote:
> The Tuber:
>
>> In SSL, if the client sends a session ID to resume a session, and the
>> server accepts it, no certificate is sent.
>
> But this session ID is sent encrypted or checked against a certificate?
The session ID is sent in cleartext. The server (and client) will then
use the session keys associated with the session ID. The idea being that
if the current client is not the same as the original client, it will
not have the session keys to be able to decrypt the traffic. There is no
certificate interaction at all.
Thanks.
The Tuber
More information about the tor-talk
mailing list