<p>For detailed explanation of SSL, see <a href="https://www.ietf.org/rfc/rfc2246.txt" rel="nofollow noreferrer">https://www.ietf.org/rfc/rfc2246.txt</a></p>
<p>Here are the brief ideas of SSL to answer your question:</p>
<p>1) Using <strong>certificates</strong> to authenticate. A server certificate is a must and a client certificate is <em>optional</em> (only when the server requests it). A certificate is like something to prove who you are and it also contains a public key for asymmetric encryption.</p>
<p>2) Using asymmetric encryption (with the public key in the server certificate) to <strong>establish a shared symmetric key</strong> which is used to transfer data between client and server securely by symmetric encryption (for performance reasons, because symmetric encryption is faster than asymmetric encryption).</p>
<p>The shared symmetric key is established by exchanging a pre-master secret from the client side (encrypted with the server public key) and is derived from the pre-master secret together with the client random and server random (thanks @EJP for pointing this out in the comment):</p>
<pre><code>master_secret = PRF(pre_master_secret, "master secret", ClientHello.random + ServerHello.random) </code></pre>
<p>We need the server random and client random to prevent replay attacks, in which an attacker captures a previous session and replays it for a new session.</p>
<blockquote> <p>What I don't understand is, couldn't a hacker just intercept the public key it sends back to the "customer's browser", and be able to decrypt anything the customer can.</p> </blockquote>
<p>The hacker cannot decrypt the message since he does not know the server private key. Be aware that the public key <strong>cannot</strong> be used to decrypt the message.</p>
 
