SSL info


To my knowledge, SSL protects content from the browser to the server. However, since the key provided by the server is “public”, I don’t suppose it protects the content from server to browser, or does it?

If it does, how come?
If it doesn’t, how can this be solved?


That’s the info I’m looking for.
It’s perfect, thanks Aleksejs.

It does protect content both ways. The word “public” is somewhat misleading (if you have not read details - that is :wink: )

To put it simply - everyone can use the server’s public key to encrypt a message that only the server will be able to decrypt (because only the server has the corresponding private key).

See here for more info on how it works:

HTTPS, or HTTP over SSL/TLS, is a protocol that uses both asymmetric and symmetric encryption. So yes - first, using asymmetric crypto, the client (and optionally the server) verifies the identity of the server (and optionally the client), then the key exchange happens using a key exchange algorithm (usually Diffie-Hellman or RSA), which is still asymmetric crypto, and finally all data exchange happens using symmetric crypto (usually 3DES/AES/RC4, usually with one of these hash algorithms for the MAC: SHA1/MD5) with the key that was agreed upon in the previous step.

This means that the client can send secure info to the server, it also means that the server can authenticate itself to the client. But that does not mean the server can send secure info to the client.

From the link you gave me, they say that public key encryption is used for symmetric key exchange. Then the encryption becomes symmetric. Now this makes more sense (as protection from server to client exists in symmetric key encryption).

My question is, does this happen in https (the symmetric key encryption)? Or is it only public key encryption?
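Added example, not part of the thread or of any TLS library: a toy run of the key-exchange-then-symmetric flow described in the answer above, showing that both sides end up with the same session keys and that server-to-browser records are protected just like browser-to-server ones. Assumptions: the Diffie-Hellman group is a constructed toy, SHA-256 in counter mode stands in for AES, HMAC-SHA256 is the MAC, and the certificate check that authenticates the server is left out.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group, constructed for illustration; far too small for real use.
P, G = 2**127 - 1, 3

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2      # private value never leaves its owner
    return priv, pow(G, priv, P)             # only the public value is sent

def derive_keys(shared: int) -> dict:
    """Expand the agreed secret into separate keys for each direction."""
    seed = shared.to_bytes(16, "big")
    return {name: hmac.new(seed, name.encode(), hashlib.sha256).digest()
            for name in ("c2s_enc", "c2s_mac", "s2c_enc", "s2c_mac")}

def _keystream(key: bytes, seq: int, n: int) -> bytes:
    # SHA-256 in counter mode: a stand-in for a real cipher such as AES.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + seq.to_bytes(8, "big") + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def seal(enc_key: bytes, mac_key: bytes, seq: int, plaintext: bytes) -> bytes:
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, seq, len(plaintext))))
    tag = hmac.new(mac_key, seq.to_bytes(8, "big") + ct, hashlib.sha256).digest()
    return ct + tag

def unseal(enc_key: bytes, mac_key: bytes, seq: int, record: bytes) -> bytes:
    ct, tag = record[:-32], record[-32:]
    want = hmac.new(mac_key, seq.to_bytes(8, "big") + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("MAC check failed: record was modified")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, seq, len(ct))))

def handshake():
    """Each side combines its own private value with the peer's public value."""
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    return derive_keys(pow(s_pub, c_priv, P)), derive_keys(pow(c_pub, s_priv, P))

if __name__ == "__main__":
    client, server = handshake()
    assert client == server                  # same keys, never transmitted
    reply = seal(server["s2c_enc"], server["s2c_mac"], 0, b"HTTP/1.1 200 OK")
    print(unseal(client["s2c_enc"], client["s2c_mac"], 0, reply))
```

An eavesdropper sees only the two public values and the sealed records; the session keys are computed independently on each side and are never sent.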