0

Firstly, which of the two diagrams below is the more accurate or more well-explained (if both are accurate) representation of the SSL process (at a beginner's level)?

Diagram 1

enter image description here

Diagram 2

enter image description here

Also where does the "pre-master secret" in diagram 1, step 5 come from? I presume it comes from diagram 1, step 2? How is it created (is it part of the client hello)?

Additionally, why is there a need for both parties to exchange cipherSpec exchange? Wouldn't it just require the client to send the cipher specs, have the server evaluate it against is own and return a confirmation message?

tsp216
  • 101
  • 3
  • Welcome to CS.SE! "Which is more accurate?" sounds pretty subjective to me. They're both a simplification. You might do better if you try to understand both, and then if there's anything that's unclear, ask about that specifically. SSL/TLS is explained in lots of places. Have you searched thoroughly? Have you searched on Crypto.SE and Security.SE? – D.W. Oct 30 '16 at 02:01
  • @D.W. ^ thanks for the welcome. I suspect the two may possibly be different and hence slightly less accurate due to the fact that although they're both simplifications, the first one is slightly more simplified and hence there may be room for questions. As for the specific areas of the process that needs clarifications, I have addressed them in my question by referring to their diagrams' steps. – tsp216 Oct 30 '16 at 03:38

0 Answers0