Hitachi

uCosminexus Application Server HTTP Server User Guide


5.1.2 Procedure of SSL communication

The SSL communication procedure is described below. Steps 2 to 6 together are called the SSL handshake:

  1. Execute https:// requests from the Web browser.

  2. The Web browser sends the Web server the SSL versions it can use and the list of encryption types (cipher suites) it supports.

  3. The Web server selects the SSL version and the encryption type to be used and reports them to the Web browser. The Web server also sends the Web browser its certificate, which is signed by a CA and contains the Web server public key.

  4. The Web browser verifies the CA signature on the received certificate with the CA public key it holds, confirming that the certificate has not been tampered with, checks that the certificate is within its validity period and was issued for the host named in the request, and then extracts the Web server public key from it.

  5. The Web browser generates the symmetric key to be shared with the Web server for this session, encrypts it with the Web server public key, and sends it. If the Web server requires client authentication, the Web browser also sends its own client certificate to the Web server.

    Data encrypted with the Web server public key can be decrypted only with the corresponding private key, so only the Web server to which the key was sent can recover it. Note that this description applies to encryption types that use RSA key exchange; with encryption types that use ephemeral Diffie-Hellman key exchange (DHE or ECDHE), the symmetric key is derived from values both sides exchange and is never sent encrypted under the Web server public key, and the Web server private key is used only to sign the handshake.

  6. The Web server decrypts the received symmetric key with its private key and thereby obtains the symmetric key. If it received a client certificate from the Web browser, the Web server verifies that certificate.

  7. HTTP requests and responses are encrypted in both directions with the symmetric key now shared between the Web browser and the Web server.

The following figure shows the SSL communication request process.

Figure 5‒1: SSL communication request process

[Figure]

During the handshake, an encryption type supported by both the client and the Web server is chosen, normally the strongest one common to both. Use the SSLCipherSuite directive to specify the encryption types the Web server accepts. If you enable all encryption types with this directive, every client can use the strongest encryption it supports, but a client that offers only weak encryption types can then negotiate one of them as well. Restricting the directive to strong encryption types, and checking the resulting list before deploying it, is the safer choice.
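The following is an added example, not code from the Hitachi product or this manual. It uses Python's standard ssl module to expand a cipher string into the list of encryption types the local OpenSSL library would actually offer, and then audits that list the way a reviewer would before writing it into SSLCipherSuite. It assumes that the SSLCipherSuite directive accepts OpenSSL cipher-list syntax (the Apache mod_ssl convention); the two cipher strings, the weak-algorithm markers and the audit rules are the example's own choices.

```python
import ssl

# Cipher strings in OpenSSL cipher-list syntax. Assumption (not stated on this page):
# the SSLCipherSuite directive accepts this syntax, as Apache mod_ssl does.
PERMISSIVE = "ALL"
RESTRICTIVE = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!DES"

# Substrings that identify legacy, broken or anonymous algorithms in OpenSSL cipher names.
WEAK_MARKERS = ("RC4", "DES", "NULL", "MD5", "EXP", "ADH", "AECDH")


def negotiable_ciphers(cipher_string, min_version=ssl.TLSVersion.TLSv1_2):
    """Expand a cipher string into the cipher names a server built on the local OpenSSL
    would offer. TLS 1.3 suites are fixed by the library and not governed by the string,
    so they are left out of the comparison."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = min_version        # refuse SSLv3/TLS 1.0/TLS 1.1 outright
    ctx.set_ciphers(cipher_string)           # raises ssl.SSLError if nothing matches
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def audit(cipher_names):
    """Return {cipher name: [reasons]} for every suite a reviewer would reject.

    A suite is rejected if its name contains a weak-algorithm marker, or if it lacks
    forward secrecy: a suite whose name does not start with ECDHE-/DHE- encrypts the
    session key under the server's long-term public key (step 5 of the procedure), so a
    future compromise of the private key exposes every recorded session."""
    findings = {}
    for name in cipher_names:
        reasons = []
        if any(marker in name for marker in WEAK_MARKERS):
            reasons.append("weak algorithm")
        if not name.startswith(("ECDHE-", "DHE-", "TLS_")):
            reasons.append("no forward secrecy")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for label, cipher_string in (("ALL", PERMISSIVE), ("restricted", RESTRICTIVE)):
        names = negotiable_ciphers(cipher_string)
        bad = audit(names)
        print(f"{label}: {len(names)} suites offered, {len(bad)} rejected")
        for name, reasons in sorted(bad.items()):
            print(f"  {name}: {', '.join(reasons)}")
```

Running the script shows that "ALL" offers every suite the library knows, including static-RSA and other non-forward-secret suites, while the restricted string yields only ECDHE suites with AEAD ciphers. The exact counts depend on the OpenSSL build, which is precisely why the list should be generated on the machine that will run the Web server rather than assumed from documentation.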