Where is the SSL symmetric key stored?

This is what I understand for SSL communication. The browser gets the public key from the web server of the secured website. The client and server establish a session key based on public/private keys and then continue communication through a symmetric algorithm during the SSL session.

My questions:

After the session key is generated, where is it stored on the server side? Is it stored in web server memory? And is it stored encrypted?


> This is what I understand for SSL communication. The browser gets the public key from the web server of the secured website.

Well, it gets the entire certificate, which contains the public key, and it gets a lot of other things too, that authenticate that the server owns that certificate, and therefore owns that public key.

> The client and server establish a session key based on public/private keys

Incorrect. They negotiate a session key based on shared secrets that don't have anything to do with the public or private keys. The public key may be used to encrypt one of those secrets between client and server, but that's a different statement.

> and then continue communication through a symmetric algorithm during the SSL session.

Correct.

> My questions:

> After the session key is generated, where is it stored on the server side? Is it stored in web server memory?

Of course.

> And is it stored encrypted?

No.
