
As a Web Developer I recently realised my understanding of HTTPS is poor and am currently endeavouring to better understand it.

After some initial reading I'm left a bit puzzled as to why initially asymmetric private/public key cryptography is used but only as a means to exchange a symmetric key.

Why do the client and server not, once the client has verified the server's certificate and has its public key, just exchange data encrypted with each other's public key?

I realise this is probably a naive question!

Pseudonymous

Comments:
  • Because direct use of an asymmetric cypher is too slow. – Joshua Jan 03 '15 at 00:00
  • Performance and security. The details are here: http://security.stackexchange.com/questions/33434/rsa-maximum-bytes-to-encrypt-comparison-to-aes-in-terms-of-security – JCx Jan 03 '15 at 18:16
