[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: EDI over http?
Matt,
I'm looking over the SSL3 protocol spec and there definitely is
something client side and server side about it. For instance this is the
possible message flow defined for the SSL handshake:
CLIENT SERVER
ClientHello --------------> ServerHello
Certificate
CertificateRequest
ServerKeyExchange
<--------------
Certificate
ClientKeyExchange
CertificateVerify
change cipher spec
Finished------------------->change cipher spec
| Finished
| |
| |
| |
| |
| |
V V
application <-------------> application
data data
Matthew James Gering wrote:
>
> SSL is end-to-end session encryption -- there is nothing client-side or
> server-side about it.
>
> If you are referring to the X.509 certificate on the server used for server
> identity verification, X.509 certificates are also supported on the client
> for client identity verification and security login by most web servers.
>
> Matt
>
> > Since EDI is generally server to server, doesn't adopting a http/SSL
> > transport also imply that the client side http/SSL implementation be
> > done on the server side as well?
> >
> > For instance, the browser will implement the client side SSL functions
> > such as server certificate authentication, etc. In the situation where
> > there is no browser, and a server needs to send the EDI file to another
> > server, doesn't the sending server need to implement the http/SSL client
> > side dialogues?
> >
> > Does this mean that companies would need to go to the expense of
> > creating a "customised" http/SSL server to support client side
> > functionality?