[jdev] sasl plain again
Norman Rasmussen
norman at rasmussen.co.za
Mon Apr 17 09:24:02 CDT 2006
On 4/17/06, Adrian Adrian <flashbk2003 at yahoo.com> wrote:
> I used a packet sniffer as you suggested and sadly I was able to see all
> packets, including the ones that came after the server said "proceed".
> I then used a commercial im client and tried to sniff, and this one
> worked as expected. Everything after "proceed" was encrypted.
>
> I don't get it. I wonder if this could be a platform issue (my application
> is based on flash player 8 so that's actionscript virtual machine) or if I
> misunderstood the tls plain authentication in the first place.
Directly after the client receives <proceed/> it should start TLS
negotiations, now I'm not sure how to do this in actionscript, but it
generally requires creation a TLS stream and hooking it up to your
existing stream, then you use the new TLS stream for all your comms.
--
- Norman Rasmussen
- Email: norman at rasmussen.co.za
- Home page: http://norman.rasmussen.co.za/
More information about the JDev
mailing list