
Since asymmetric encryption systems have much higher overhead, they are not practical for providing full-time, real-world security. The handshake itself uses asymmetric encryption – two separate keys are used, one public and one private. Let’s try to address some common points:

Asymmetric vs symmetric encryption

Some confusion about how SSL/TLS handshakes work comes from the fact that the handshake is only the prelude to the actual, secured session itself. Let’s throw a chart up that shows a broad model of how a TLS handshake works, shall we?

You might notice that any dozen descriptions will hew more or less to this format, while differing in detail a dozen different ways – sometimes confusingly so.

This all happens in the background, thankfully – every time you direct your browser to a secure site, a complex interaction takes place to make sure that your data is safe. The handshake determines what version of SSL/TLS will be used in the session and which cipher suite will encrypt communication, verifies the server (and sometimes also the client), and establishes that a secure connection is in place before transferring data.
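To make the version and cipher suite negotiation concrete, here is an added example (not from the original page) that parses a ClientHello and selects parameters the way a server would. The function names and the sample message are constructed for illustration, and it covers only the legacy version field used by TLS 1.2 and earlier; TLS 1.3 negotiates its version in an extension, which is not handled here.

```python
import struct

# IANA cipher suite IDs used in the constructed sample below.
SUITE_NAMES = {
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
}
TLS10, TLS12 = 0x0301, 0x0303  # wire encoding of protocol versions

def build_client_hello(version, suites):
    """Constructed sample input: a minimal ClientHello with no extensions."""
    body = struct.pack("!H", version) + bytes(32)   # version + random (zeroed here)
    body += b"\x00"                                 # empty session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                             # one compression method: null
    return b"\x01" + len(body).to_bytes(3, "big") + body

def parse_client_hello(msg):
    """Return (client_version, offered_suites); ValueError on malformed input."""
    if len(msg) < 4 or msg[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = msg[4:]
    if int.from_bytes(msg[1:4], "big") != len(body) or len(body) < 35:
        raise ValueError("bad handshake length")
    (version,) = struct.unpack("!H", body[:2])
    pos = 35 + body[34]                             # skip random and session_id
    if pos + 2 > len(body):
        raise ValueError("truncated before cipher suites")
    (cs_len,) = struct.unpack("!H", body[pos:pos + 2])
    pos += 2
    if cs_len % 2 or pos + cs_len > len(body):
        raise ValueError("bad cipher suite list")
    suites = [s for (s,) in struct.iter_unpack("!H", body[pos:pos + cs_len])]
    return version, suites

def negotiate(msg, server_suites, min_version=TLS12, max_version=TLS12):
    """Pick version and suite as a server would, by server preference order."""
    client_version, offered = parse_client_hello(msg)
    version = min(client_version, max_version)
    if version < min_version:
        raise ValueError("protocol_version: client too old")
    for suite in server_suites:
        if suite in offered:
            return version, SUITE_NAMES.get(suite, hex(suite))
    raise ValueError("handshake_failure: no shared cipher suite")
```

The server's preference order decides the suite, and a client that only offers a version below `min_version` is refused rather than silently downgraded.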


