Home >Common Problem >What is the way ssl generates session key
The way ssl generates a session key is to randomly generate it from the client and notify the server after encrypting it; ssl and its successor transport layer security is a security protocol that provides security and data integrity for network communications; TLS Encrypt network connections between the transport layer and application layer with SSL.
Recommended: "Programming Video"
The way ssl generates a session key is randomly generated by the client and Notify the server after encryption.
SSL (Secure Sockets Layer) and its successor Transport Layer Security (TLS) are a security protocol that provides security and data integrity for network communications. TLS and SSL encrypt network connections between the transport layer and the application layer.
The specific process of two-way authentication SSL protocol
① The browser sends a connection request to the security server.
② The server sends its own certificate and certificate-related information to the client browser.
③ The client browser checks whether the certificate sent by the server is issued by the CA center it trusts. If it is, continue to execute the agreement; if not, the client's browser will give the client a warning message: warn the client that this certificate is not trustworthy, and ask the client if it needs to continue.
④ Then the client browser compares the information in the certificate, such as the domain name and public key, with the relevant message just sent by the server. If they are consistent, the client browser recognizes the legal identity of the server.
⑤ The server requires the client to send the client's own certificate. After receiving it, the server verifies the client's certificate. If it fails the verification, it refuses the connection; if it passes the verification, the server obtains the user's public key.
⑥ The client browser tells the server the communication symmetric encryption scheme it can support.
⑦ The server selects the password scheme with the highest degree of encryption from the password scheme sent by the client, encrypts it with the client's public key and notifies the browser.
⑧ For this password scheme, the browser selects a call key, then encrypts it with the server's public key and sends it to the server.
⑨ The server receives the message sent by the browser, decrypts it with its own private key, and obtains the call key.
⑩ The subsequent communication between the server and the browser uses a symmetric encryption scheme, and the symmetric key is encrypted.
The commonly used https is not two-way, there is no ⑤
This problem occurs at ⑧
The above is the detailed content of What is the way ssl generates session key. For more information, please follow other related articles on the PHP Chinese website!