SOC Experts Community - Beta
0 like 0 dislike
in Networking by (4.1k points)

2 Answers

1 like 0 dislike
by (5k points)

TLS and its predecessor SSL make significant use of certificate authorities. Once your browser requests a secure page and adds the "s" onto "http," the browser sends out the public key and the certificate, checking three things: 1) that the certificate comes from a trusted party; 2) that the certificate is currently valid; and 3) that the certificate has a relationship with the site from which it's coming.

The browser then uses the public key to encrypt a randomly selected symmetric key. Public-key encryption takes a lot of computing, so most systems use a combination of public-key and symmetric key encryption. When two computers initiate a secure session, one computer creates a symmetric key and sends it to the other computer using public-key encryption. The two computers can then communicate using symmetric-key encryption. Once the session is finished, each computer discards the symmetric key used for that session. Any additional sessions require that a new symmetric key be created, and the process is repeated.

1 like 0 dislike
SSL/TLS comes into the picture when an encrypted channel is required between client and server.

1) Client sends a hello message and tells the server to initiate an encrypted channel.

2) Server responds by sending its digital certificate and public key.

3) Client verifies the digital certificate and sends all the algorithms that the client knows.

4) Server selects one of the algorithms, and they mutually agree on one algorithm.

5) Client encrypts its key using the public key of the server and the algorithm.

6) Server decrypts with its private key and the algorithm, where the public key exchange took place, and it will then have the client key.

7) Now client and server have the same key. Whenever the client or server sends data, it encrypts with the client key and the other side decrypts with the same key, where the encrypted channel took place.
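The key exchange both answers describe, simulated end to end as an added example that is not part of either answer. The suite names, the toy RSA key built from two well-known Mersenne primes, and the SHA-256 counter keystream are assumptions chosen so the sketch runs with the standard library only; certificate verification is left out.

```python
import hashlib
import secrets

# Toy RSA key pair from two well-known Mersenne primes (assumption, illustration only).
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # server's private exponent

# Hypothetical suite names, in the server's order of preference.
SERVER_SUITES = ["toy-sha256-ctr", "toy-sha1-ctr"]


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Symmetric step: XOR with a SHA-256 counter keystream (same call encrypts and decrypts)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def handshake(client_suites):
    """Run the exchange once and return (client_key, server_key, chosen_suite)."""
    # Client hello: the client lists the algorithms it knows.
    # Server reply: its public key (the certificate checks are not modelled here).
    server_public = (N, E)
    # Server selects the first suite it prefers that the client also offered.
    chosen = next((s for s in SERVER_SUITES if s in client_suites), None)
    if chosen is None:
        raise ValueError("no common algorithm, handshake aborted")
    # Client creates a fresh 128-bit session key and encrypts it to the server.
    client_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(client_key, "big"), server_public[1], server_public[0])
    # Server recovers the session key with its private exponent.
    server_key = pow(wrapped, D, N).to_bytes(16, "big")
    return client_key, server_key, chosen


if __name__ == "__main__":
    ck, sk, suite = handshake(["toy-sha1-ctr", "toy-sha256-ctr"])
    ciphertext = keystream_xor(ck, b"GET /account HTTP/1.1")  # constructed sample request
    print(suite, ck == sk, keystream_xor(sk, ciphertext))
```

Calling `handshake` a second time yields a different session key, which is the per-session discard-and-regenerate behaviour the first answer describes.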
