Who generates HTTPS session keys?

Question

Who generates HTTPS session keys?

Some sources say that the web browser generates a session key. Now, if the web browser generates it, then it is vulnerable to repeated attacks.

Also, some sources report that the server generates part of it, and the rest is the client. How does HTTPS generate session keys?

+5

security https session-keys

user574183 Jan 21 '11 at 9:14

source share

1 answer

rook · Accepted Answer · 2011-01-21T16:06:44+0000

Both the client and server generate Nonce, which is used along with other data to generate the “Pre-Master Secret”. Even after the connection is closed, the session can be resumed, and the same "Master Secret" is used. All of this is described in the first few milliseconds of an HTTPS connection .

Who generates HTTPS session keys?

More articles: