Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: SSL/TLS uses the public key to encrypt data ?
Operating Systems Linux SSL/TLS uses the public key to encrypt data ? Post 302495216 by DGPickett on Wednesday 9th of February 2011 04:45:36 PM
Old 02-09-2011
SSL uses the PPK and diffie-hellman to share a random session key, and then uses that to encrypt the session. (You thought it would be simple?) This reduces the exposure of the PPK. The session key can be regenerated at intervals, reducing its exposure.

The digital signature, chain of trust from certificate to certificate on PPK is to ensure you have the true correspondent, not some hacker who has rerouted your connection.

I just use it and trust, but this helps explain the slow start and the advantages of HTTP/1.1 persistent on https.
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Secure ftp using ssl/tls

We have a requirement to setup secure ftp between our AIX v5.3 system and our mainframe. We don't want to use openssh with sftp and scp. Our mainframe uses ftp over ssl/tls so we have to use this on our AIX box. We have openssl on our AIX system but I'm not sure how to setup ssl/tls over ftp on... (4 Replies)
Discussion started by: DANNYC
4 Replies

2. UNIX for Dummies Questions & Answers

SSL Public key/Private question

Hi everyone, I have a quick/newb question: I know that a public key is used to encrypt data and a private key is used to decrypt data but who keeps the public/private keys?? Does the Web Server hold both? Does the Web Server have the public key and does the client have the private key? ... (3 Replies)
Discussion started by: tical00
3 Replies

3. Cybersecurity

TLS/SSL vulnerability explained

Here's a pretty good, and even PHB-compatible, explanation of the current TLS/SSl protocol vulnerability, including samples. (0 Replies)
Discussion started by: pludi
0 Replies

4. UNIX for Dummies Questions & Answers

TLS/SSL Openldap Centos 5.5

hi guys I configured my openldap but now I want to implement SSL-TLS This is my basic slapd.conf configuration include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include ... (2 Replies)
Discussion started by: karlochacon
2 Replies

5. Solaris

Solaris 8 ssh public key authentication issue - Server refused our key

Hi, I've used the following way to set ssh public key authentication and it is working fine on Solaris 10, RedHat Linux and SuSE Linux servers without any problem. But I got error 'Server refused our key' on Solaris 8 system. Solaris 8 uses SSH2 too. Why? Please help. Thanks. ... (1 Reply)
Discussion started by: aixlover
1 Replies

6. Red Hat

HOW TO DISABLE SSL/TLS RENEGOTIATION?

Hi guys, Those who work on Apache may help me on this. I have following problem Description: The remote service encrypts traffic using TLS / SSL and permits clients to renegotiate connections. The computational requirements for renegotiating a connection are asymmetrical between the... (3 Replies)
Discussion started by: manalisharmabe
3 Replies

7. UNIX for Advanced & Expert Users

ldap over tls -- ssl cert help

Hey Guys, I am trying to setup ldap over tls in our lab. I am generating a self signed cert on the ldap server and importing that into the ldap system so it will use ldap over port 636. The clients will be a mix of solaris and redhat. I am lost on what I need to do on the client side to get... (0 Replies)
Discussion started by: s ladd
0 Replies

8. Shell Programming and Scripting

SSH shell script to access FTP over explicit TLS/SSL

Hello, I use the following SSH script to upload *.jpg files via FTP: #!/usr/bin/expect set timeout -1 spawn ftp -v -i expect "" send "\r" expect "Password:" send "\r" expect "ftp>" send "mput *.jpg\r" expect "ftp>" send "quit\r" replaced with actual ftp server/account data. ... (5 Replies)
Discussion started by: mrpi007
5 Replies

9. UNIX for Advanced & Expert Users

SSL/TLS with openldap

Hello to all, I'm beguinner in Linux instalations and I'm trying to Communicate from Web Sites that i have running under apache with openLDAP for users authentication using SSL mediation that seems to be connected with LDAPS. Can someone advise me how to do this, I have already installed... (1 Reply)
Discussion started by: CPMarco
1 Replies

LEARN ABOUT CENTOS

ne_close_connection

NE_SESSION_CREATE(3)						neon API reference					      NE_SESSION_CREATE(3)

NAME

       ne_session_create, ne_close_connection, ne_session_destroy - set up HTTP sessions

SYNOPSIS

       #include <ne_session.h>

       ne_session *ne_session_create(const char *scheme, const char *hostname, unsigned int port);

       void ne_close_connection(ne_session *session);

       void ne_session_destroy(ne_session *session);

DESCRIPTION

       An ne_session object represents an HTTP session - a logical grouping of a sequence of HTTP requests made to a certain server. Any requests
       made using the session can use a persistent connection, share cached authentication credentials and any other common attributes.

       A new HTTP session is created using the ne_session_create function; the hostname and port parameters specify the origin server to use,
       along with the scheme (usually "http"). Before the first use of ne_session_create in a process, ne_sock_init must have been called to
       perform any global initialization needed by any libraries used by neon.

       To enable SSL/TLS for the session, pass the string "https" as the scheme parameter, and either register a certificate verification function
       (see ne_ssl_set_verify) or trust the appropriate certificate (see ne_ssl_trust_cert, ne_ssl_trust_default_ca).

       To use a proxy server for the session, it must be configured (see ne_session_proxy) before any requests are created from session object.

       Further per-session options may be changed using the ne_set_session_flag interface.

       If it is known that the session will not be used for a significant period of time, ne_close_connection can be called to close the
       connection, if one remains open. Use of this function is entirely optional, but it must not be called if there is a request active using
       the session.

       Once a session has been completed, ne_session_destroy must be called to destroy the resources associated with the session. Any subsequent
       use of the session pointer produces undefined behaviour. The session object must not be destroyed until after all associated request
       objects have been destroyed.

NOTES

       The hostname passed to ne_session_create is resolved when the first request using the session is dispatched; a DNS resolution failure can
       only be detected at that time (using the NE_LOOKUP error code); see ne_request_dispatch for details.

RETURN VALUES

       ne_session_create will return a pointer to a new session object (and never NULL).

EXAMPLES

       Create and destroy a session:

	   ne_session *sess;
	   sess = ne_session_create("http", "host.example.com", 80);
	   /* ... use sess ... */
	   ne_session_destroy(sess);

SEE ALSO

       ne_ssl_set_verify, ne_ssl_trust_cert, ne_sock_init, ne_set_session_flag

AUTHOR

       Joe Orton <neon@lists.manyfish.co.uk>
	   Author.

COPYRIGHT

neon 0.30.0							   31 July 2013 					      NE_SESSION_CREATE(3)
All times are GMT -4. The time now is 02:02 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy