Linked Questions
321 questions linked to/from How does SSL/TLS work?
38
votes
3
answers
13k
views
Is HTTPS URL in plain text at first connection? [duplicate]
Let’s say I have never connected to the site example.com.
If this site is https and I write https://example.com/supersecretpage will the URL be sent in clear text since it's the first time I connect ...
- 405
29
votes
1
answer
33k
views
In SSL server handshake, does server also send CA certificate [duplicate]
In the TCP SSL sever handshake, does the server also send CA certificates? Does the server need to send all intermediate CA certificates in the Server Hello?
- 970
20
votes
5
answers
7k
views
Can a phishing website use the original (HTTPS, TLS) certificate? [duplicate]
If one has a phishing website that uses the original certificate that was obtained by accessing that website, can an attack fool users to believe they are accessing legitimate websites?
If not, how ...
- 317
14
votes
2
answers
7k
views
Why does SSL use both asymmetric cryptography and symmetric cryptography algorithms together? [duplicate]
SSL uses both asymmetric cryptography and symmetric cryptography.
Why can't it, or why doesn't it, just use one of them?
- 165
17
votes
1
answer
23k
views
What's the point of the pre-master key? [duplicate]
In SSL, the client generates a pre-master key from random data from itself and also the server. It then encrypts this with the server's public key, sends it to the server and then both client and ...
6
votes
2
answers
4k
views
In a browser web server communication, who decides which encryption protocol to use [duplicate]
My IE browser has SSLv3.0, TLS 1.0,1.1 and 1.2 enabled in the advanced settings.
And (I was informed by my server admin) my web server can encrypt data in SSLv3.0 and TLS 1.0
Now which system (...
- 171
11
votes
3
answers
18k
views
How does the SSL connection protocol work with self-signed certificate? [duplicate]
I'm using the self-signed certificate, but I don't know how this protocol works. I connect two apps with a socket SSL and it works fine. The server is a Python app and the client is an Android app. I ...
- 111
-1
votes
2
answers
43k
views
SSL protocol : Port 443 [duplicate]
I want to use the SSL protocol. SSL protocol uses port 443. During the initial handshake does the communication occur on port 80 or does the handshake start on port 443?
If not during the initial ...
- 79
3
votes
2
answers
19k
views
How do session keys in public key cryptography work? [duplicate]
I have read that a session key is symmetric, and it is encrypted by recipient's public key;
When "Bob" receives a message, does he decrypt it with his private key and he's then in possession of an ...
- 39
5
votes
3
answers
8k
views
How does the Certificate Authority work [duplicate]
I'm learning how the Certificate Authority work and have a question.
As my understanding, the Certificate Authority can guarantee that the client get the true public-key:
Saying that I'm a server and ...
- 361
5
votes
1
answer
10k
views
Why is it not possible to fake a digital certificate? [duplicate]
When a client accesses an HTTPS webpage, (please correct me if I'm wrong), it just checks whether the certificate of that website has been signed by a trusted CA or not, but does not ask directly the ...
- 1,045
3
votes
3
answers
3k
views
Does HTTPS allow replay attack on authentication request? [duplicate]
If I sent a username and the password to a website over HTTPS, is it possible that someone on the net would save this request and re-send it later to authenticate on the website?
- 141
3
votes
2
answers
13k
views
How is man-in-the-middle attack prevented in TLS? [duplicate]
As I understand the original master key, which is used to encrypt the application data is never transmitted over the wire and it is calculated on both client and server individually using a hashing-...
- 131
8
votes
2
answers
940
views
Question About HTTPS Security [duplicate]
I recently read about how HTTPS work and I have some questions to clarify. Pardon me if this sounds silly but I just need to get this clear. Correct me if I am wrong.
I got to know that as part of ...
- 189
6
votes
2
answers
3k
views
Why are SSL handshakes secure and why can't a hacker look at that and decrypt the data? [duplicate]
If I understand right, there is a "handshake" where both the server and the browser verify who they are and agree on an encryption key. Why cannot a hacker just watch the network for the keys going ...
