O'Reilly logo

HTTP Developer’s Handbook by Chris Shiflett

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Applying Cryptography to HTTP

SSL is basically a protocol that employs both symmetric and asymmetric cryptography to protect messages that use TCP as the transport-level protocol. Because of the high performance expense of asymmetric cryptography, it is only used to exchange the randomly generated symmetric key that is then used for the symmetric encryption of the HTTP messages. Figure 18.5 illustrates this point. The same symmetric key is used as long as the TCP connection remains open.

Figure 18.5. SSL utilizes both symmetric and asymmetric cryptography.

When used to protect Web communication, SSL’s position in the protocol stack is just ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required