标签归档:Forward Secrecy

Enabling Perfect Forward Secrecy

To encrypt communications between you and your end users, you purchase a SSL Certificate, install it on your server, and then configure your website to use the certificate to protect these communications. The SSL connection begins when the end user’s browser reaches out to shake hands with your website.

During this handshake, information regarding the ability of the browser and server are exchanged, validation occurs, and a session key that meets both the browser’s and server’s criteria is created. Once the session key is created, the rest of the conversation between the end user and your site is encrypted and thus secured. Historically, the most common method for negotiating the session key involved the RSA public-key cryptosystem. The RSA approach uses the server’s public key to protect the session key parameters created by the browser once they are sent the server. The server is able to decrypt this handshake with its corresponding private key. 继续阅读