• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 396
  • Last Modified:

SSL and SSL Client authentication

Can SSL authentication be used just before the session invokes a SSL data transfer protocol (with its own hadnshaking?)

In other words, can you use the two protocols together seemlessly without need for user input.

Thanks
0
Anthony Lucia
Asked:
Anthony Lucia
1 Solution
 
MaheshArchitectCommented:
user input is required in case of SSL
When you 1st access ssl enabled sites, their certificate public key sent to you through browser
Now you enter your username and password and encrypt that with server public key and sent to server
Server has associated private key which can decrypt that credentials and again send  confirmation to client by encrypting it with its private key
Again client is able to decrypt that with provided public key

Also if certificate mapping is enabled, then user has to provide its client certificate as well

Mahesh
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now