SSL Security man

A lot of debate about this, but one thing isn't clear to me. Can't an ISP intercept the connection between the client and the server? Like when the ISP intercepts the initial process of the SSL connection, the ISP WILL RESPOND TO THE CLIENT and not the server, pretending it's from the server? Therefore the ISP can be a perfect man-in-the-middle with the power of reading AND modifying data whenever they want, is that correct?


No, because the ISP doesn't hold a private key that matches the certificate at the server you are trying to access. So unless you aren't checking the peer certificate, i.e. you are accepting the ISP's own certificate instead of the website's certificate, it is impossible for him to masquerade as the endpoint.
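The condition the answer depends on, checking the peer certificate, can be audited on the client side. The following is an added example, not part of the original answer; it uses Python's standard `ssl` module, and the helper names (`mitm_exposure`, `strict_context`, `no_verification_context`, `chain_only_context`, `connect_verified`) are hypothetical.

```python
import socket
import ssl


def mitm_exposure(ctx: ssl.SSLContext) -> list:
    """List the reasons this client context would accept an impostor's certificate."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("chain not verified: any certificate, even self-signed, is accepted")
    if not ctx.check_hostname:
        problems.append("hostname not checked: a valid certificate for another name is accepted")
    return problems


def strict_context() -> ssl.SSLContext:
    # Library defaults: CERT_REQUIRED, check_hostname=True, system trust store.
    return ssl.create_default_context()


def no_verification_context() -> ssl.SSLContext:
    # The case the answer warns about: the peer certificate is never checked.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def chain_only_context() -> ssl.SSLContext:
    # Chain is validated, but the name in the certificate is never compared
    # with the site being contacted.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx


def connect_verified(host: str, port: int = 443) -> dict:
    """Handshake with full verification; an impostor certificate raises
    ssl.SSLCertVerificationError before any application data is sent."""
    ctx = strict_context()
    if mitm_exposure(ctx):
        raise RuntimeError("refusing to connect with a weakened TLS context")
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for make in (strict_context, no_verification_context, chain_only_context):
        print(make.__name__, mitm_exposure(make()) or "ok")
```

The `chain_only_context` case shows that verifying the chain alone is not enough: the name check is what ties the certificate to the site the client asked for.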
