The steps of the secure session setup are:

1. The browser asks to start a secure session with the server.
2. The server returns the site's certificate.
3. The browser checks the certificate information for validity.
4. The browser creates a session key, encrypts it with the server's public key, and sends it to the server.
5. The server decrypts this information using its private key.
6. Both the browser and the server are now using the same session key.

You can control which method and strength of encryption is required. There are options that let you check, for example, whether the browser supports 128-bit encryption. If you have a policy of enforcing very strong encryption, you can send a message back to the user suggesting they download a 128-bit enabled browser.
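As an added example (not code from the original page), here is how that policy could be enforced with Python's standard ssl module: the server context is limited to suites of at least 128 bits, and the (name, protocol, bits) tuple that SSLSocket.cipher() reports after the handshake is checked so the user can be told to upgrade. It also rejects legacy protocol versions, which the text does not mention; the sample session tuples and the ALLOWED_PROTOCOLS set are constructed assumptions.

```python
import ssl

MINIMUM_BITS = 128                           # policy from the text: insist on 128-bit encryption
ALLOWED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}   # added assumption: also refuse legacy versions


def build_server_context(minimum_bits: int = MINIMUM_BITS) -> ssl.SSLContext:
    """Build a server-side context that only offers cipher suites meeting the policy.

    Loading the site's certificate (ctx.load_cert_chain(...)) is left out so the
    function runs without key material; the policy check itself is the point.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Forward-secret AEAD suites only; OpenSSL expands this string to concrete suites.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL")
    # Verify the expansion really honours the policy instead of trusting the string.
    weak = [c["name"] for c in ctx.get_ciphers() if c["strength_bits"] < minimum_bits]
    if weak:
        raise ValueError(f"policy violation, weak suites still offered: {weak}")
    return ctx


def check_session(cipher, minimum_bits: int = MINIMUM_BITS):
    """Judge the (name, protocol, bits) tuple SSLSocket.cipher() returns after the
    handshake. Returns (accepted, message) where message is what the user would see."""
    name, protocol, bits = cipher
    if protocol not in ALLOWED_PROTOCOLS:
        return False, f"{protocol} is no longer accepted; please upgrade your browser."
    if bits < minimum_bits:
        return False, (f"Your browser negotiated {bits}-bit {name}, but this site requires "
                       f"{minimum_bits}-bit encryption; please download a {minimum_bits}-bit "
                       f"enabled browser.")
    return True, f"Secure session: {protocol} with {bits}-bit {name}."


# Constructed samples in the shape SSLSocket.cipher() returns; not captured sessions.
SAMPLE_SESSIONS = [
    ("TLS_AES_256_GCM_SHA384", "TLSv1.3", 256),
    ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2", 128),
    ("DES-CBC3-SHA", "TLSv1", 112),
    ("EXP-RC4-MD5", "SSLv3", 40),
]

if __name__ == "__main__":
    ctx = build_server_context()
    print(f"server offers {len(ctx.get_ciphers())} suites, all >= {MINIMUM_BITS} bits")
    for session in SAMPLE_SESSIONS:
        accepted, message = check_session(session)
        print("ACCEPT" if accepted else "REJECT", message)
```

Steps 4 and 5 above describe RSA key transport; TLS 1.3 derives the session key through an ephemeral Diffie-Hellman exchange instead, which is why the check looks at the negotiated suite and protocol rather than at how the key was delivered.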
Once both the browser and the server are using the same secret key to encrypt and decrypt their information, they can have a certain amount of comfort in knowing that it cannot be intercepted and decoded by a third party. Of course, this depends on whether strong or weak encryption is used.
For the visitor to your site, the little lock icon will appear in their browser. As long as you continue to use the https: protocol, everything between the browser and your scripts is encrypted without you having to worry about the details.