how is this working...

Frank Maritato (frank@uccs.jpl.nasa.gov)
Tue, 10 Mar 1998 15:36:13 -0800

Date: Tue, 10 Mar 1998 15:36:13 -0800
From: Frank Maritato <frank@uccs.jpl.nasa.gov>
To: java-security@web1.javasoft.com
Subject: how is this working...

Hello--

I am using SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 as my enabled cipher
suite. I realize this is turning off authentication and that I am
vulnerable to the "man in the middle" attack. My question is, how do
the SSLSocket and the SSLServerSocket get a key to encrypt the channel?
Usually what happens here is that one uses the public key to encrypt and
the other uses the private key to decrypt. Since this is not being done
(?), how is the session key known to both parties?

Thanks!

-- 
**************************************************************
Frank Maritato, Jr.             Jet Propulsion Laboratory
frank@uccs.jpl.nasa.gov         4800 Oak Grove Drive
Office: (818) 306-6109          mail stop 525-3632
FAX:    (818) 306-6818          Pasadena, CA 91109-8099
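
Added example (not part of the original message, and not JSSE's own code): the Diffie-Hellman key agreement that an anonymous DH suite like the one named above relies on, done with the JDK's javax.crypto API. Each side sends only an unsigned public value and computes the same secret locally, which the handshake then uses to derive the session keys. The class name, the 2048-bit group size and the X.509 encoding of the exchanged values are assumptions of this example, not the SSL wire format.

```java
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.KeyAgreement;
import javax.crypto.interfaces.DHPublicKey;

public class AnonDhExample {               // hypothetical class name
    // Combine our own private value with the peer's public value.
    static byte[] agree(KeyPair own, PublicKey peer) throws Exception {
        KeyAgreement ka = KeyAgreement.getInstance("DH");
        ka.init(own.getPrivate());
        ka.doPhase(peer, true);
        return ka.generateSecret();
    }

    // Rebuild a DH public key from the bytes that crossed the wire.
    static PublicKey decode(byte[] wire) throws Exception {
        return KeyFactory.getInstance("DH")
                         .generatePublic(new X509EncodedKeySpec(wire));
    }

    public static void main(String[] args) throws Exception {
        // Server: chooses the group (p, g) and an ephemeral key pair.
        KeyPairGenerator serverGen = KeyPairGenerator.getInstance("DH");
        serverGen.initialize(2048);        // size chosen for this example
        KeyPair server = serverGen.generateKeyPair();
        byte[] serverKeyExchange = server.getPublic().getEncoded(); // unsigned

        // Client: reuses the server's p and g for its own ephemeral pair.
        DHPublicKey serverPub = (DHPublicKey) decode(serverKeyExchange);
        KeyPairGenerator clientGen = KeyPairGenerator.getInstance("DH");
        clientGen.initialize(serverPub.getParams());
        KeyPair client = clientGen.generateKeyPair();
        byte[] clientKeyExchange = client.getPublic().getEncoded(); // unsigned

        // Each side computes the secret locally; it is never transmitted.
        byte[] clientSecret = agree(client, serverPub);
        byte[] serverSecret = agree(server, decode(clientKeyExchange));
        System.out.println("secrets match: "
                + Arrays.equals(clientSecret, serverSecret));

        // Nothing above binds either public value to an identity, so
        // neither side can tell whose value it actually received.
        System.out.println("peer authenticated: false");
    }
}
```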