On 16 Apr, 07:35, "D. Stussy" <s...@bde-arc.ampr.org> wrote:
> "Allen Kistler" <ackist...@oohay.moc> wrote in message
>
> news:q1bNj.3916$vF.3700@newssvr21.news.prodigy.net ...
>
> > D. Stussy wrote:
> > > "buck" <b...@private.mil> wrote in message
> > >news:Xns9A817A6F1EBACbuckprivatemil@64.209.0.81.. .
> > >> I have googled and not found anything appropriate. *If anyone can
> supply
> > >> some keywords for my search, please do.
>
> > >> stunnel connects to news.newsguy.com on port 563. *How can I know that
> > > this
> > >> transmission is encrypted?
>
> > > By DEFINITION.
>
> > Not quite. *SSL allows the NULL cipher, which is no encryption.
>
> Is that really secure? *SSL = Secure sockets layer. *A NULL cypher may be
> permitted but I don't call that secure.

It's not, but it's exactly what the original poster was asking about.
buck wanted to be sure that his SSL connection was, in fact,
encrypted. A sneaky bastard of an SSL server could, in theory,
negotiate a 'null'' cipher, and that way a connection with a browser
might show a lovely little 'secured' icon but in actuality be
unencrypted.

I don't know if any browsers or stunnel could be misled this way, but
it's a fascinating question.