Also, is the server certificate also passed each time for every response?
And is there any particular link/book where I can do more reading specifically about these things?
Thanks.
Asked
Active
Viewed 1,086 times
2
-
Well, I am not an expert, but the full certificate does not travel on the wire, only a message encrypted with the public key portion of the certificate. You could probably look up the RFCs related to SSL/HTTPS to get the complete picture, or as you say get a book. – 500 - Internal Server Error Jul 31 '14 at 23:03
-
There are a couple of good books I have used. The first two are implementation oriented: [Network Security with OpenSSL](http://www.amazon.com/dp/059600270X) and [SSL and TLS: Designing and Building Secure Systems](http://www.amazon.com/dp/0201615983). The third is [Network Security: Private Communication in a Public World](http://www.amazon.com/dp/0130460192). There are likely many more. – jww Aug 01 '14 at 13:29
1 Answers
1
With a full handshake the complete certificates are transferred. If the SSL session then gets a proper SSL shutdown before terminating the underlying TCP connection and if client and server support it this session can later be resumed. In this case only the session ticket gets exchanged and not the full certificates again.
There are lots of resources which describe this if you search for "SSL handshake", e.g. http://vincent.bernat.im/en/blog/2011-ssl-session-reuse-rfc5077.html
Steffen Ullrich
- 114,247
- 10
- 131
- 172