On 12/03/2015 01:50 PM, Richard Moore wrote: > ?If network is fully isolated you could use plain text. Using 'https' > and null encryption is basically just pretending to do security. I've never done any work with the eNULL ciphers, so please correct me if I'm wrong, but wouldn't they still prevent active tampering with the HTTPS communication? (I understand your point; most web applications today require confidentiality to be secure, since sniffing cookies and passwords will give you access to the system, but maybe the OP has a use case that doesn't require it.) --Jacob
