Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Does an SSL server randomly generate a temporary key pair for every client that connects?
I understand how public-key encryption works — public encryption key, secret decryption key. That explains how a host with an SSL certificate can receive encrypted data from a client. But how does an SSL server send encrypted data back to the client?
(There was a discussion on this topic in this question, although it was edited a number of times, so it may be confusing.)
The public key in the server certificate is only used during the handshake.
During the handshake, the client and server negotiate a secret shared key (a new one for each session) that they use for the actual encryption.
How this secret is negotiated depends on the cipher suite: RSA or Diffie-Hellman key exchange. When using RSA key exchange, the client encrypts the pre-master-secret and sends it to the server (who is the only one able to decrypt it). When using DH, the client verifies the signature of the temporary parameters sent by the server during the DH exchange: the end result is also a shared pre-master-secret. This is then used with the exchanged random values by both parties to compute the master secret.
There are more details in the TLS specification section called "Handshake Protocol Overview".