04-16-2008
Allen Kistler
 
Re: How to determine if SSL is encrypted?

Keith Keller wrote:
> On 2008-04-15, Allen Kistler <ackistler@oohay.moc> wrote:
>> Why would you want to use SSL without encryption? I suppose you could
>> use it for certificate-based client authentication only, without
>> encryption. I don't know anyone who does, but, hey, if you want, you can.
>
> If you're debugging a remote application that has no cleartext option,
> you can use null encryption to be able to sniff the data going over the
> wire without having to rewrite the app to allow a cleartext session. I
> don't have a good example off the top of my head, but imagine that HTTP
> didn't exist, and the only thing your httpd supported was HTTPS. Would
> you want to rewrite your httpd to support plaintext HTTP, or would it be
> easier to simply use null encryption?
>
> I wonder if the SSL developers themselves use null encryption as part of
> their development and testing process.


Since it's an allowed option, I hope they test it whether they use it
for anything else or not, eh? The rest makes sense, though.
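On the thread's question of how to tell whether an SSL session is actually encrypted, here is an added example (not part of the original posts) that audits a cipher listing in the column layout of `openssl ciphers -v` and checks the tuple returned by Python's `ssl.SSLSocket.cipher()`. The sample listing is constructed, and the function names `parse_cipher_line`, `audit` and `session_is_encrypted` are hypothetical.

```python
# Constructed sample rows in the layout printed by `openssl ciphers -v`:
#   <name> <protocol> Kx=<key exchange> Au=<authentication> Enc=<cipher> Mac=<mac>
SAMPLE = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
NULL-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=None Mac=SHA256
ECDHE-RSA-NULL-SHA TLSv1 Kx=ECDH Au=RSA Enc=None Mac=SHA1
ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1
"""


def parse_cipher_line(line):
    """Split one listing row into name, protocol and its Key=Value fields."""
    parts = line.split()
    if len(parts) < 3:
        raise ValueError(f"not a cipher row: {line!r}")
    fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
    return {"name": parts[0], "protocol": parts[1], **fields}


def audit(listing):
    """Return {suite name: [findings]} for suites without encryption or authentication."""
    findings = {}
    for line in listing.splitlines():
        if not line.strip():
            continue
        row = parse_cipher_line(line)
        issues = []
        # Enc=None is null encryption (eNULL): integrity only, payload in the clear.
        if row.get("Enc", "").lower() == "none":
            issues.append("no encryption (eNULL)")
        # Au=None is anonymous key exchange (aNULL): encrypted but unauthenticated.
        if row.get("Au", "").lower() == "none":
            issues.append("no authentication (aNULL)")
        if issues:
            findings[row["name"]] = issues
    return findings


def session_is_encrypted(cipher_info):
    """cipher_info is the (name, protocol, secret_bits) tuple from ssl.SSLSocket.cipher()."""
    if cipher_info is None:  # cipher() returns None when no connection is established
        return False
    name, _protocol, secret_bits = cipher_info
    # Check both the bit count and the suite name, so either signal alone flags a null suite.
    return bool(secret_bits) and "NULL" not in name.upper()
```

Null encryption and null authentication are separate properties, which is why the audit reports them separately: a suite with `Enc=None` can still authenticate the peer, and an `Au=None` suite still encrypts.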