Before we get started, let's just have a refresher on how the browser-to-server encryption works and what we need to consider. This is a very brief overview specific to a basic web server scenario, so the process can vary for different scenarios:
Following are the steps that happen in a web server scenario:
- First, the browser communicates with the web server and requests the start of an SSL handshake. This is also where the browser can let the server know what cipher (encryption) algorithms it will allow.
- Next, the server responds to the browser. At this stage, the server will confirm which cipher (based on the list provided by the browser) will be used. The server will also send a copy of the public certificate to the client. The browser will then communicate with the Certificate Authority (CA) to authenticate the certificate.
- Next, the key exchange...
