On Mon, Mar 26, 2012 at 10:12 AM, Ajay Garg <ajaygargnsit@xxxxxxxxx> wrote:No, that is not how SSL works. A brief synopsis:
> Thanks a ton Sander.
>
> So on session setup-phase, the server sends the public-key to the client
> (which would hardly be a bother, even if it is intercepted by a
> eavesdropper). This public key is then used to encrypt the data on the
> client, send over the wire, and decrypted by the server's private key.
>
> That explains the client-to-server-transfer.
>
> However, just one last confirmation regarding the server-to-client-transfer.
> Is another set of public-private (session) keys pair created? (This would
> then explain the server-to-client transfer seamlessly, wherein the client
> would send the (session) public key to the server; server would encrypt data
> using this (session) public key; send the data over the wire; and the client
> would then decrypt data using the (session) private key).
>
> Thanks Sander. You have really been a darling in all the help ;-)
>
> Thanks and Regards,
> Ajay
>
>
http://stackoverflow.com/questions/188266/how-are-ssl-certificates-verified
More information can be found by searching the internet for "how does SSL work".
Cheers
Tom
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|