![]() ![]() ![]() You won't see anything except "encrypted application data". SSL protects the client-server traffic against eavesdroppers, including yourself. As an outsider, you won't be able to read it, because that's the whole point of SSL. However, all the application data is encrypted, since that's what SSL was designed for. The user password will be part of that application data. When a Web site requires client authentication, this process occurs at the HTTP level, so, from the point of view of SSL, as "application data". ![]() HTTPS is "HTTP within SSL": a SSL handshake is made first and then, plain HTTP traffic (HTTP requests with their headers, and corresponding responses) are conveyed as "application data" through the SSL tunnel. The point of SSL is to establish a bidirectional tunnel for arbitrary data that "arbitrary data" is called application data in SSL terminology. A lot of cryptography is involved, to the effect that at the end of the handshake, client and server share a common session-specific secret value, from which they derive keys for encryption and integrity checks of data in both directions. To make the story short, SSL begins with a special procedure called the handshake in which client and server exchange "handshake messages". For a description of how SSL works, see this answer. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |