Question
This is what I understand of SSL communication. The browser gets the public key from the web server of the secured website. The client and server establish a session key based on public/private keys and then continue communication through a symmetric algorithm during the SSL session.
My questions:
After the session key is generated, where is it stored on the server side? Is it stored in web server memory? And is it stored encrypted?
Answer 1:

> This is what I understand of SSL communication. The browser gets the public key from the web server of the secured website.

Well, it gets the entire certificate, which contains the public key, and it gets a lot of other things too, that authenticate that the server owns that certificate, and therefore owns that public key.

> The client and server establish a session key based on public/private keys

Incorrect. They negotiate a session key based on shared secrets that don't have anything to do with the public or private keys. The public key may be used to encrypt one of those secrets between client and server, but that's a different statement.

> and then continue communication through a symmetric algorithm during the SSL session.

Correct.

> My questions:
> After the session key is generated, where is it stored on the server side? Is it stored in web server memory?

Of course.

> And is it stored encrypted?

No.
Source: https://stackoverflow.com/questions/28830383/where-does-ssl-symmetric-key-is-stored