In a SSL session between a client and a server, who is responsible for generating the master secret that will be
used as a seed to generate the symmetric keys that will be used during the session?

A.
Both client and server

B.
The client’s browser

C.
The web server

D.
The merchant’s Certificate Server

Explanation:
HTTP Secure (HTTPS) is HTTP running over SSL. The client browser generates a session key and encrypts it
with the server’s public key.
Incorrect Answers:
A: Only the client generates the key.
C: The client, not the server, generates the key.
D: The client, not a certification server, generates the key.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 855