Yes, that is correct. The first negotiation is without using TLS. You can,
however, configure the system to exclusive use LS much like the way HTTP
does it (we don't do that by defaul to allow for optimizations that can't
happen with HTTP). However, as DS poinst out, the client is not programmed
to be able to start with TLS at the starting gate and that owuld need to
happen. Hence, for xroot protocol we don't have the capability you are
looking for even if the server is capable of doing that.
On Mon, 13 Mar 2023, R. P. Taylor wrote:
> Thanks @smithdh for the information.
> I thought the xrootd protocol does use TLS? Or are you saying the client first connects without TLS, does some negotiation or something, and then switches to TLS?
>
> --
> Reply to this email directly or view it on GitHub:
> https://github.com/xrootd/xrootd/issues/1951#issuecomment-1466850348
> You are receiving this because you are subscribed to this thread.
>
> Message ID: ***@***.***>
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.
Message ID: <xrootd/xrootd/issues/1951/1468343712@github.com>
[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/xrootd/xrootd/issues/1951#issuecomment-1468343712",
"url": "https://github.com/xrootd/xrootd/issues/1951#issuecomment-1468343712",
"name": "View Issue"
},
"description": "View this Issue on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1
