SSL/TLS uses the public key to encrypt data?

Hi,

I have a doubt: whether the SSL/TLS protocol uses the public key of the web server to encrypt data before sending it.

I know the browser verifies the public key of the web server using the digital certificate (by verifying the signature of the certificate using a trusted authority). Is the same public key used to encrypt data?

Regards,
Chaitanya.

SSL uses the PPK and Diffie-Hellman to share a random session key, and then uses that to encrypt the session. (You thought it would be simple?) This reduces the exposure of the PPK. The session key can be regenerated at intervals, reducing its exposure.

The digital signature, chain of trust from certificate to certificate on PPK, is to ensure you have the true correspondent, not some hacker who has rerouted your connection.

I just use it and trust, but this helps explain the slow start and the advantages of HTTP/1.1 persistent on HTTPS.
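
Added example (not part of the thread and not code from any TLS library): a toy model of the exchange described in the reply above, in which the server's long-term key only signs the Diffie-Hellman values and the session key derived from them encrypts the data. The primes, the textbook-RSA signature and the SHA-256 keystream are constructed stand-ins with insecure sizes, and all function names are hypothetical.

```python
import hashlib, hmac, secrets

# Toy parameters, constructed for illustration only (far too small for real use).
P, Q = 2**89 - 1, 2**107 - 1           # long-term server key: textbook RSA primes
N, E = P * Q, 65537                    # public part (what the certificate would carry)
D = pow(E, -1, (P - 1) * (Q - 1))      # private part, never leaves the server
DH_P, DH_G = 2**127 - 1, 3             # toy Diffie-Hellman group

def digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(data: bytes) -> int:          # private key is used only to sign
    return pow(digest_int(data), D, N)

def verify(data: bytes, sig: int) -> bool:   # public key is used only to verify
    return pow(sig, E, N) == digest_int(data)

def dh_keypair():
    priv = secrets.randbelow(DH_P - 3) + 2   # fresh random value per connection
    return priv, pow(DH_G, priv, DH_P)

def session_key(my_priv: int, peer_pub: int, transcript: bytes) -> bytes:
    shared = pow(peer_pub, my_priv, DH_P).to_bytes(16, "big")
    return hmac.new(transcript, shared, hashlib.sha256).digest()

def xor_stream(key: bytes, data: bytes) -> bytes:
    # Stand-in for the real symmetric cipher; no integrity protection here.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def handshake_and_send(plaintext: bytes):
    c_priv, c_pub = dh_keypair()             # browser side
    s_priv, s_pub = dh_keypair()             # server side
    transcript = c_pub.to_bytes(16, "big") + s_pub.to_bytes(16, "big")
    sig = sign(transcript)                   # server proves it holds the long-term key
    if not verify(transcript, sig):          # browser checks before trusting s_pub
        raise ValueError("server key exchange signature invalid")
    k_client = session_key(c_priv, s_pub, transcript)
    k_server = session_key(s_priv, c_pub, transcript)
    ciphertext = xor_stream(k_client, plaintext)   # data is encrypted with the session key
    return k_client == k_server, ciphertext, xor_stream(k_server, ciphertext)
```
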

Thanks a lot.

I understood the thing... so SSL/TLS generates a common key and encrypts it with the public key of the web server and sends it to the web server, which then decrypts it with its own private key.

Then the browser will encrypt all the data sent to the server using that common key, since it reduces the complexity.

Anyway, I understood the authentication part of SSL/TLS; I just had the above doubt about encryption.

Thanks again for clearing my doubt.