SSL Walkthrough
High level view of SSL
keithrozario.com
Step 1: Client accesses website
Browser connects to website.
[Diagram: Client, Web Server]
Step 2: Server responds with Certificate
Server responds with certificate and key.
[Diagram: Client, Web Server]
Step 3: Client verifies with CA
Client verifies certificate with CA.
[Diagram: Client, Web Server, CA]
Step 4: Client sends random key to server
Client sends a random key to server, encrypted with the public key.
[Diagram: Client, Random Key, Web Server]
Step 5: All communications are now encrypted with the Random key
[Diagram: Client, Random Key, Web Server]
Notes
- All data encrypted with the server's public key can only be decrypted by the server's private key.
- The randomly generated key was:
  - Randomly generated by the client
  - Encrypted with the server's public key
- Only the server and the client would know the key, and unless they share it no one else would know.
- Therefore encrypting the data with the random key secures the data from prying eyes.
- In most applications of SSL/TLS the key type, cipher and hash can be configured based on client and server requirements. It is this that determines the security of your connection, although SSL isn’t without its vulnerabilities.