Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Who generates HTTPS session keys?

Tags:

security

https

session-keys

Some sources says that the web browser generates the session key. Now if the web browser generates it then its vulnerable for replay attacks.

Also some sources says that the server generates a part of it and the rest the client generates. How does HTTPS generate session keys?

like image 974
user574183 Avatar asked Jan 21 '11 09:01

user574183

1 Answers

Both the client and the server generate a Nonce which is used along with other data to generate the "Pre-Master Secret". Even after the connection has closed a session can be resumed and the same "Master Secret" is used. All of this is covered in The first few milliseconds of an HTTPS Connection.

like image 181
rook Avatar answered Sep 29 '22 00:09

rook
Sign in to Comment

Related questions

Login not triggered for restricted page in glassfish jdbcrealm authentication
Security flaw in this code approach
How can I ensure that a Java object (containing cryptographic material) is zeroized?
PHP security question?
Good Guide For Web App Security?
How to detect hidden field tampering?
Cloud security and privacy [closed]
How to sign XML document or verify XML document signature with C++?
Preventing server-side scripting, XSS
How to restrict access to web application to one machine only?
Is fopen safe to use in public software?
SASL library for .net
Query TFS for permissions
Is HTML Email Obfuscation safe enough to stop bots?
How do I check if an NTAccount object represents a Group or a User?
How to protect a Google App Engine app with a password?
How do netbank login dongles work?
Allowing any character in the URL in CodeIgniter
Securing a SQL Server 2008R2 database
If a HTTP web page makes an ajax request to a HTTPS url is the post secure?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!