
When you connect to an HTTPS server the server encrypts its data using the private key of its private certificate. The client decrypts it using the server's public key of the server's public certificate.

But when the client sends the header to the server how is that data encrypted?

Normally the client has no certificate. So how does it work?

I found this post but it does not answer the question. Also I did read this post.

I only want to have an answer for this question for the default case where the client does not have a certificate.

zomega
    *"When you connect to a HTTPS server the server encrypts its data using its private certificate. "* - This description is completely wrong. In short - there is a key exchange done with keys derived for symmetric encryption in both directions. These keys are then used for application data from client to server and server to client. – Steffen Ullrich Oct 16 '22 at 08:40
  • @SteffenUllrich The server normally encrypts its data using the private certificate's private key. So what I said was correct. – zomega Oct 16 '22 at 09:21
  • My question is if the client calculates its keys itself how can it send the public key to the server safely? – zomega Oct 16 '22 at 09:30
  • I'm afraid that you do not understand the process and you have incorrect assumptions. The linked answers are what you need to know. Please look up the section on "key exchange" that Steffen mentions. – schroeder Oct 16 '22 at 09:37
  • I always thought the private key of the server is used for data encryption. I think that was my error in understanding. Thank you for your help... – zomega Oct 16 '22 at 09:51
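The key exchange that Steffen Ullrich's comment refers to, shown here as an added example that is not code from the question, the linked posts or any TLS library: both peers generate an ephemeral X25519 key pair, send only the public halves, compute the same shared secret, and expand it with HKDF into one AES-GCM key per direction. The client's request header is then sealed under the client-write key, which is why no client certificate is involved. The function names (`Handshake`, `deriveKeys`, `seal`, `open`), the HKDF labels and the sample header are constructed for this example; the server's signature over the handshake transcript, which is what the certificate's private key is actually used for in TLS 1.3, is deliberately left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// hkdf is a compact HKDF-SHA256 (RFC 5869) on the standard library's HMAC; TLS 1.3 uses the same construction for traffic keys.
func hkdf(secret, salt, info []byte, length int) []byte {
	ext := hmac.New(sha256.New, salt) // Extract: PRK = HMAC(salt, secret)
	ext.Write(secret)
	prk := ext.Sum(nil)
	var out, prev []byte
	for i := byte(1); len(out) < length; i++ { // Expand: T(i) = HMAC(PRK, T(i-1) | info | i)
		h := hmac.New(sha256.New, prk)
		h.Write(prev)
		h.Write(info)
		h.Write([]byte{i})
		prev = h.Sum(nil)
		out = append(out, prev...)
	}
	return out[:length]
}

// DirectionalKeys is what each side holds after the handshake: one key per direction.
type DirectionalKeys struct {
	ClientWrite []byte // protects client-to-server records
	ServerWrite []byte // protects server-to-client records
}

// deriveKeys expands the shared secret into two independent AES-128 keys (labels constructed here, modelled on TLS 1.3's).
func deriveKeys(shared []byte) DirectionalKeys {
	return DirectionalKeys{
		ClientWrite: hkdf(shared, nil, []byte("c ap traffic"), 16),
		ServerWrite: hkdf(shared, nil, []byte("s ap traffic"), 16),
	}
}

// Handshake runs the key-agreement step between two peers that each hold only a fresh
// X25519 key pair, returning the keys each side derived. Real TLS also has the server
// sign the transcript with its certificate's private key; that step is not modelled.
func Handshake() (DirectionalKeys, DirectionalKeys, error) {
	curve := ecdh.X25519()
	clientPriv, err1 := curve.GenerateKey(rand.Reader)
	serverPriv, err2 := curve.GenerateKey(rand.Reader)
	if err := errors.Join(err1, err2); err != nil {
		return DirectionalKeys{}, DirectionalKeys{}, err
	}
	// Only the public halves cross the wire; seeing both does not reveal the secret.
	clientSecret, err1 := clientPriv.ECDH(serverPriv.PublicKey())
	serverSecret, err2 := serverPriv.ECDH(clientPriv.PublicKey())
	if err := errors.Join(err1, err2); err != nil {
		return DirectionalKeys{}, DirectionalKeys{}, err
	}
	return deriveKeys(clientSecret), deriveKeys(serverSecret), nil
}

// aead builds AES-128-GCM record protection for one traffic key.
func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal protects one record under a traffic key; the random nonce is prepended.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := aead(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal and fails if the key is wrong or the record was altered.
func open(key, record []byte) ([]byte, error) {
	gcm, err := aead(key)
	if err != nil || len(record) < gcm.NonceSize() {
		return nil, errors.Join(err, errors.New("bad key or truncated record"))
	}
	return gcm.Open(nil, record[:gcm.NonceSize()], record[gcm.NonceSize():], nil)
}
func main() {
	client, server, _ := Handshake() // errors ignored for brevity; see the functions above
	record, _ := seal(client.ClientWrite, []byte("GET / HTTP/1.1\r\nHost: example.com\r\n"))
	header, err := open(server.ClientWrite, record) // server derived the same key on its own
	fmt.Printf("server read %q, err=%v\n", header, err)
}
```

The certificate never encrypts application data in either direction: its private key authenticates the server's key share (by signing the transcript in TLS 1.3), so an attacker in the path cannot substitute a share of their own. The client's share is sent in the clear because knowing both public values does not yield the secret, and the two derived keys mean a record sealed for one direction cannot be opened with the other direction's key.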

0 Answers