PrepAway - Latest Free Exam Questions & Answers

Which of the following best describes session key creation in SSL?

A. It is created by the server after verifying the user’s identity

B. It is created by the server upon connection by the client

C. It is created by the client from the server’s public key

D. It is created by the client after verifying the server’s identity

Explanation:
An SSL session always begins with an exchange of messages called the SSL
handshake. The handshake allows the server to authenticate itself to the client using public-key
techniques, then allows the client and the server to cooperate in the creation of symmetric keys
used for rapid encryption, decryption, and tamper detection during the session that follows.
Optionally, the handshake also allows the client to authenticate itself to the server.

One Comment on “Which of the following best describes session key creation in SSL?”

  1. D33pBr3dt says:

    Ans: D

    In the SSL protocol handshake, both sides generate the same encryption key, which is then used for the session. It is done following this procedure, in general:

    Client & server each generate a random value and send it to each other
    Server sends the public key to the client
    The client generates a value called “pre-master secret” using both random values, and encrypts it using the server’s key, then sends it to the server
    Now both client and server have each other’s random values and the “pre-master secret”, so based on this information they can both generate the same session key and start using it to encrypt the following messages.

