2

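Does an SSL server randomly generate a temporary key pair for each connecting client?

I understand how public-key encryption works: a public encryption key and a secret decryption key. That explains how a host with an SSL certificate can receive encrypted data from clients. But how does the SSL server send encrypted data back to the client?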

4

1 Answer

4

(There was a discussion on this topic in this question, although it was edited a number of times, so it may be confusing.)

The public key in the server certificate is only used during the handshake. During the handshake, the client and server negotiate a secret shared key (a new one for each session) that they use for the actual encryption.

How this secret is negotiated depends on the cipher suite: RSA or Diffie-Hellman key exchange. When using RSA key exchange, the client encrypts the pre-master-secret and sends it to the server (who is the only one able to decrypt it). When using DH, the client verifies the signature of the temporary parameters sent by the server during the DH exchange: the end result is also a shared pre-master-secret. This is then used with the exchanged random values by both parties to compute the master secret.

There are more details in the TLS specification section called "Handshake Protocol Overview".

Answered 2012-04-13T18:07:36.040
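The derivation described in the answer above, as an added example that is not part of the original answer: it computes the master secret from the pre-master secret and the two random values, then carries on one step further to the per-direction keys, which is what lets the server encrypt data sent back to the client. It assumes the TLS 1.2 PRF (RFC 5246) with SHA-256 and the key sizes of an AES-128-CBC / HMAC-SHA256 suite; the function names and sample values are constructed for illustration.

```python
import hashlib
import hmac


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246, section 5): P_SHA256(secret, label + seed)."""
    seed = label + seed
    out, a = b"", seed                      # a starts as A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # Both randoms travel in the clear in the hello messages; only the
    # pre-master secret is protected by the RSA or DH key exchange.
    return prf(pre_master, b"master secret", client_random + server_random, 48)


def session_keys(master: bytes, client_random: bytes, server_random: bytes,
                 mac_len: int = 32, key_len: int = 16) -> dict:
    # Key expansion puts server_random first (RFC 5246, section 6.3).
    block = prf(master, b"key expansion", server_random + client_random,
                2 * (mac_len + key_len))
    names = [("client_write_MAC_key", mac_len), ("server_write_MAC_key", mac_len),
             ("client_write_key", key_len), ("server_write_key", key_len)]
    keys, pos = {}, 0
    for name, size in names:
        keys[name] = block[pos:pos + size]
        pos += size
    return keys


# Constructed sample values, not taken from a real handshake.
PRE_MASTER = b"\x03\x03" + bytes(range(46))      # 48 bytes, as in RSA key exchange
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))

if __name__ == "__main__":
    ms = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    for name, key in session_keys(ms, CLIENT_RANDOM, SERVER_RANDOM).items():
        print(f"{name:22s} {key.hex()}")
```

Client and server run the same computation on the same inputs, so each ends up holding both `client_write_key` and `server_write_key` without either key ever crossing the wire.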