[thelist] https question

Aleem Bawany aleem.bawany at utoronto.ca
Fri Jan 10 16:53:01 CST 2003

> Just to clear this up:
> Sending form data to a secure page from *any* page:
> 1. Client initiates HTTP connection on port 443 (or
> whatever is defined for SSL over HTTP) 2. Server
> responds, and the encryption level is negotiated. Server
> sends client certificate to client. 3. Client uses the
> certificate to encrypt the REQUEST, and this is then sent
> to server. 4. Server uses certificate to decrypt the
> REQUEST, and process.
> 5. Server encrypts RESPONSE, and sends to client. 6.
> Client decrypts RESPONSE, and displays. 7. Connection is
> closed.
> Forget querystrings and stateful connections. There is no
> querystring, no form data, nothing, until *after* an HTTP
> connection has been successfully negotiated and
> encryption is in place.

that explains things a bite better. It's step 3 I couldn't
overcome earlier - the fact that the client doesn't send
the data until recieving the certificate but all doubt is
gone now.


[ http://members.evolt.org/aleem/ ]

More information about the thelist mailing list