Re: SSL Query
- From: jwgoerlich@xxxxxxxxx
- Date: Sun, 09 Sep 2007 10:29:41 -0000
Wikipedia goes into this in-depth, so I will not repeat all of it
here. At a high-level, both the client and server in situation (2)
negotiate the cipher and key material. They exchange random numbers
and generate public-private key pair from this exchange. This results
in a session key which is temporary, unique to the connection, and
separate from the server certificate.
Regards,
J Wolfgang Goerlich
Related Links:
Wikipedia, Transport Layer Security
http://en.wikipedia.org/wiki/Transport_Layer_Security#How_it_works
Microsoft Technet, SSL/TLS in Detail
http://technet2.microsoft.com/windowsserver/en/library/2a9816ef-70bf-4bd7-a043-9ba721595e271033.mspx?mfr=true
On Sep 8, 1:38 pm, amsical <amsi...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Hi,
SSL can be used in the following 2 situations:
1. Where Server and Client know each other
2. Where Server and Client does not know each other e.g. secure public sites
like e-bay
In the first scenario above, Server will have Server Certificate and Client
will have Client Certificate. Server will encrypt a message using Client's
public key and Client will encrypt a message using Server's public key. Each
will use their own Private key to decrypt the same.
Now, in the second scenario above, Server will have Server Certificate but
Client will not have Client Certificate. Client can encrypt a message using
Server's public key. But how the Server will send the encrypted message in
absence of no Client Certificate? or is it that a temporary public-private
key is provided to the client?
Thanks,
Tim
.
- Prev by Date: Encryption of USB stick question
- Next by Date: Re: Windows Security Alert
- Previous by thread: Encryption of USB stick question
- Next by thread: Re: Windows Security Alert
- Index(es):
Relevant Pages
|
