SSL/TLS - am I doing it right?

[Paul Rubin]

"Frank Millman" <frank at chagford.com> writes:
> I was hoping to avoid this step. The point of the exercise for me is
> encryption. I am not too worried about authentication. The next step in
> my app is for the client to enter a user id and password, and the
> server will not proceed without verifying this.

That is a total disaster without authentication, since it means the
client can reveal the password to an imposter.