File talk:SSL handshake with two way authentication with certificates.svg


The description on the right is faulty: the right side has to be --> Phase 1-4. 87.77.110.70 09:54, 14 May 2008

Moreover, "generate random number RNc / server_hello(crypto_information, RNc)" (red boxes on server side) should be RNs. --89.56.147.39 08:22, 26 June 2008 (UTC)

Small Bug in Step "Client Certificate Verify".

SSL/TLS (RFC 2246, RFC 5246) describes "Client Certificate signed with Client Secret Key ... When sent, it MUST immediately follow the client key exchange message."
This means in phase 3 the step "client certificate (encrypted with ...)" has to follow "PMS encrypted with ...".

Error in Graph


This version of the graph is still wrong: The ClientVerify message (Hash over all previous messages) must _follow_ the ClientKeyExchange message. See http://www.ietf.org/rfc/rfc2246.txt Sec. 7.4.7 and 7.4.8 for more information. This is also intuitively clear because the ClientVerify message protects all previous messages (which must include the ClientKeyExchange, otherwise this message has no integrity assurance). 134.96.247.46 11:08, 23 February 2010 (UTC)
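
The ordering argument in the comment above, as an added example that is not part of the original discussion: it hashes every handshake message sent before CertificateVerify and shows that a substituted ClientKeyExchange only changes that digest when ClientKeyExchange comes first. Assumptions: message bodies are constructed placeholders, SHA-256 stands in for the MD5+SHA-1 handshake hash of RFC 2246, the signature over the digest is omitted, and all function names are hypothetical.

```python
import hashlib

# Client-authenticated handshake order per RFC 2246 sec. 7.4
# (optional ServerKeyExchange left out; names are labels, not wire encodings).
CORRECT_ORDER = [
    "ClientHello", "ServerHello", "ServerCertificate", "CertificateRequest",
    "ServerHelloDone", "ClientCertificate", "ClientKeyExchange",
    "CertificateVerify",
]
# The order the comments object to: CertificateVerify before ClientKeyExchange.
DIAGRAM_ORDER = CORRECT_ORDER[:-2] + ["CertificateVerify", "ClientKeyExchange"]


def build_flight(order, pms_blob=b"encrypted-PMS"):
    """Return [(name, body)] with a constructed body for each message."""
    bodies = {name: name.encode() + b"-body" for name in order}
    bodies["ClientKeyExchange"] = pms_blob
    return [(name, bodies[name]) for name in order]


def certificate_verify_digest(flight):
    """Digest of all handshake messages sent before CertificateVerify."""
    h = hashlib.sha256()
    for name, body in flight:
        if name == "CertificateVerify":
            return h.hexdigest()
        # Length-prefix each body so message boundaries are unambiguous.
        h.update(len(body).to_bytes(3, "big") + body)
    raise ValueError("no CertificateVerify in flight")


def covers_key_exchange(order):
    """True if replacing the ClientKeyExchange body changes the signed digest."""
    original = certificate_verify_digest(build_flight(order))
    substituted = certificate_verify_digest(build_flight(order, b"substituted-PMS"))
    return original != substituted


def order_is_valid(order):
    """CertificateVerify must immediately follow ClientKeyExchange."""
    if "CertificateVerify" not in order or "ClientKeyExchange" not in order:
        return False
    return order.index("CertificateVerify") == order.index("ClientKeyExchange") + 1


if __name__ == "__main__":
    for label, order in (("RFC order", CORRECT_ORDER), ("diagram order", DIAGRAM_ORDER)):
        print(label, "valid:", order_is_valid(order),
              "key exchange covered:", covers_key_exchange(order))
```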


Typo?


In the first two red boxes in the middle it says RNc instead of RNs 78.52.190.174 18:13, 9 June 2010 (UTC)