Keith Keller <kkeller-usenet@wombat.san-francisco.ca.us> wrote:

> > Why would you want to use SSL without encryption? I suppose you
> > could use it for certificate-based client authentication only,
> > without encryption. I don't know anyone who does, but, hey, if you
> > want, you can.
>
> If you're debugging a remote application that has no cleartext option,
> you can use null encryption to be able to sniff the data going over
> the wire without having to rewrite the app to allow a cleartext
> session. I don't have a good example off the top of my head, but
> imagine that HTTP didn't exist, and the only thing your httpd
> supported was HTTPS. Would you want to rewrite your httpd to support
> plaintext HTTP, or would it be easier to simply use null encryption?

To support HTTPS (HTTP via SSL), a server must support plaintext HTTP in
the first place. HTTPS is not a specialized HTTP-based protocol, but
just HTTP wrapped in SSL.

One valid reason to use SSL weak or null encryption is performance.
Strong encryption costs a lot of CPU power. If secrecy is not
mandatory, one can trade it for speed. Imagine, for example, the local
network of a small- or medium-scale company, where encryption isn't
needed, except for a few special things.


Regards,
Ertugrul.


--
http://ertes.de/