Hi,
I'm hoping someone could just help my understanding about SSL.
The scenario is a client is purchasing something from an e-commerce site
and submits their credit card info on a form coming from a secure
server. The secure server sends back a confirmation page showing
everything purchased and including the credit card information.
Till now I always thought that the SSL was secure in just one direction
from the client to the server since the client browser encrypts the data
with a public key and the server decrypts with a private key; till someone
else corrected me with the following URL:
http://developer.netscape.com/docs/manuals/security/sslin/contents.htm
Here it reviews the handshake process, and what I gather is that the
public key is used to encrypt the starting key used for the symmetric
encryption of data. Effectively when the handshake is finished data
transferred is simply encrypted data with the symmetric keys.
Hence data sent back to the client is secure and it's okay to send secure
information back to the client.
I know it's maybe a naive question (and perhaps off-topic for this list) but
perhaps someone could just confirm my understanding; it would be most
appreciated.
Thanks
David
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
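
The key flow discussed in the message above, as an added example that is not part of the original post: one pre-master secret is expanded into separate client-write and server-write keys, so records are protected in both directions. It assumes the TLS 1.2 PRF from RFC 5246 rather than the SSL version the linked manual covers, omits the RSA transport of the pre-master secret, and uses hypothetical `protect`/`unprotect` helpers as a stand-in for the negotiated cipher.

```python
import hashlib, hmac, os

def p_sha256(secret, seed, n):
    """P_hash expansion from RFC 5246 section 5, using HMAC-SHA256."""
    out, a = b"", seed
    while len(out) < n:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:n]

def derive_keys(pre_master, client_random, server_random):
    """Both peers run this on the same inputs and get the same key block."""
    master = p_sha256(pre_master, b"master secret" + client_random + server_random, 48)
    block = p_sha256(master, b"key expansion" + server_random + client_random, 96)
    # Key block order per RFC 5246 section 6.3: MAC keys first, then cipher keys.
    return {"client_mac": block[0:32], "server_mac": block[32:64],
            "client_key": block[64:80], "server_key": block[80:96]}

def _keystream(key, seq, n):
    return p_sha256(key, seq.to_bytes(8, "big"), n)

def protect(key, mac_key, seq, data):
    """Hypothetical stand-in for the negotiated cipher (NOT a real one)."""
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, seq, len(data))))
    tag = hmac.new(mac_key, seq.to_bytes(8, "big") + ct, hashlib.sha256).digest()
    return ct + tag

def unprotect(key, mac_key, seq, record):
    ct, tag = record[:-32], record[-32:]
    good = hmac.new(mac_key, seq.to_bytes(8, "big") + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("bad record MAC")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, seq, len(ct))))

def demo():
    # Client picks the pre-master secret; in RSA key exchange it travels to the
    # server encrypted under the server's public key (that step is omitted here).
    pre_master = os.urandom(48)
    c_rand, s_rand = os.urandom(32), os.urandom(32)
    client = derive_keys(pre_master, c_rand, s_rand)
    server = derive_keys(pre_master, c_rand, s_rand)
    form = b"card=0000-0000-0000-0000"            # constructed sample data
    page = b"Order confirmed, card ending 0000"   # constructed sample data
    to_server = protect(client["client_key"], client["client_mac"], 0, form)
    to_client = protect(server["server_key"], server["server_mac"], 0, page)
    return (unprotect(server["client_key"], server["client_mac"], 0, to_server),
            unprotect(client["server_key"], client["server_mac"], 0, to_client),
            to_client)
```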