
I'm wondering what the bank-grade encryption is for traffic between a client (say, a Windows app) and a server, both on a local network. It looks like, to use SSL encryption, they must have Internet access to verify the SSL certificate from the CA.

What is the best encryption in practice now?

(Pardon me for the novice's question, if you think so; just point me to good read-ups, please.)

EyeQ Tech
  • The client does not need to have a route to the CA in order to verify the CA's signature on the certificate. The client just needs to know the CA's public key. See https://security.stackexchange.com/questions/56389/ssl-certificate-framework-101-how-does-the-browser-actually-verify-the-validity – mti2935 Jan 11 '20 at 07:41
  • @mti2935 thanks, but how can the client know the CA's public key if both client and server are on a local LAN (since it's the bank, they don't have any outside connection)? – EyeQ Tech Jan 11 '20 at 07:46
  • The client typically stores the certificate of the CA (which contains the CA's public key) in its local certificate store. There is no interaction between the client and the CA when the client verifies the CA's signature on the server's certificate. – mti2935 Jan 11 '20 at 07:57
  • @mti2935 thanks, yeah, I've confirmed by disabling the root certificate on my machine and then doing an all-LAN connection; the SSL failed. – EyeQ Tech Jan 13 '20 at 08:49

0 Answers
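The offline check discussed in the comments above, as an added example that is not part of the original thread: a private CA signs a server certificate, and the chain is verified using only a locally stored CA certificate, with no network access. The CA name, the host name `app.bank.lan` and all file names are made up for the demo, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Constructed demo: every name and file below is made up for illustration.

make_pki() {  # $1 = working directory that receives keys and certificates
    dir=$1
    # Root CA: a self-signed certificate. This file is what each client
    # keeps in its local trust store.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Demo Bank Root CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # Server key pair and certificate signing request.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=app.bank.lan" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    # The CA signs the server certificate with its private key.
    openssl x509 -req -in "$dir/server.csr" -days 30 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/server.crt" 2>/dev/null || return 1
    # An unrelated CA, standing in for a trust store without the issuer.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Unrelated CA" \
        -keyout "$dir/other.key" -out "$dir/other.crt" 2>/dev/null || return 1
}

verify_with() {  # $1 = trusted CA file, $2 = certificate to check
    # Pure local signature check: openssl reads two files and contacts
    # nobody. The system store is also consulted by default, but it does
    # not contain this demo CA. Success is detected from the ": OK" line.
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK'
}

tmp=$(mktemp -d)
make_pki "$tmp" || { echo "openssl failed" >&2; exit 1; }
verify_with "$tmp/ca.crt" "$tmp/server.crt" \
    && echo "accepted: issuing CA certificate is stored locally"
verify_with "$tmp/other.crt" "$tmp/server.crt" \
    || echo "rejected: issuing CA certificate is not in the trust store"
rm -rf "$tmp"
```

This covers chain verification only; a TLS client additionally checks that the certificate's name matches the host it connected to.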