TechQA.

Who generates HTTPS session keys?

5.3k views Asked by At

Some sources says that the web browser generates the session key. Now if the web browser generates it then its vulnerable for replay attacks.

Also some sources says that the server generates a part of it and the rest the client generates. How does HTTPS generate session keys?

security https session-keys
Original Q&A
1

There are 1 answers

0
rook On BEST ANSWER

Both the client and the server generate a Nonce which is used along with other data to generate the "Pre-Master Secret". Even after the connection has closed a session can be resumed and the same "Master Secret" is used. All of this is covered in The first few milliseconds of an HTTPS Connection.

Related Questions in SECURITY

Related Questions in HTTPS

Related Questions in SESSION-KEYS

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions