> If the client asks the server for a secure connection, the server starts its
> handshake by sending a suggestion of a private-private-key encryption
> (encrypted with its private-key).
>
> Right so far?
No. Totally wrong.
Suggest you read more about the protocol details. A key (sic) point is
that the client helps generate the session key, encrypted in the
server's public key.
/r$
--
Zolera Systems, Securing web services (XML, SOAP, Signatures,
Encryption)
http://www.zolera.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
