> If the client asks the server for a secure connection, the server starts its > handshake by sending a suggestion of a private-private-key encryption > (encrypted with its private-key). > > Right so far?
No. Totally wrong. Suggest you read more about the protocol details. A key (sic) point is that the client helps generate the session key, encrypted in the server's public key. /r$ -- Zolera Systems, Securing web services (XML, SOAP, Signatures, Encryption) http://www.zolera.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]