1

My understanding:

A website which is protected by https will send the public key within the certificate.

We use this public key to encrypt and send the "private key for the private key encryption", this "private key encryption" will be used to communicate between the client and server.

When and where does the TLS handshake happen?

What is the need for DH params (don't say to prevent Logjam i.e. is not my point, DH parameters are used to generate which/what key)?

Is the TLS handshake and DH parameters used to secure the certificate itself?

schroeder
  • 123,438
  • 55
  • 284
  • 319
EbyM
  • 11
  • 2
  • 3
    I think your answers could be found with just a little research or even reading a wiki page. – schroeder Jul 31 '17 at 08:40
  • I agree with Schroeder. For a good explanation of RSA/DH key exchange I like this site: https://hpbn.co/transport-layer-security-tls/ – StackzOfZtuff Jul 31 '17 at 09:21
  • 2
    The details are described quite well in the answers here: [How does SSL/TLS work?](https://security.stackexchange.com/questions/20803/how-does-ssl-tls-work) – Polynomial Jul 31 '17 at 10:15
  • "the client initiates either the RSA or the Diffie-Hellman key exchange, which is used to establish the symmetric key for the ensuing session." This is an extract from the link provided by the StackofZtuff; I cant understand why does the client do a Diffie-Hellman key exchange if it has already got the RSA key via certificate. Thanks for the links provided – EbyM Jul 31 '17 at 14:30
  • Totally Got It, DH key Exchange are what makes the Perfect forward secrecy work. Thanks to the link shared by StackOfZtuff – EbyM Jul 31 '17 at 14:36

0 Answers0