Solved

How does SSL work in web traffic?

Posted on 2014-12-06
Last Modified: 2014-12-07
I was watching a tutorial video related to AD FS in Windows 2012.
When setting up trust relationship between two AD FS servers, I'm not quite understanding how SSL/TLS works in terms of Private/Public Key. Maybe it would be the same situation between a website and users accessing it.
I read various articles related to SSL online, still not clear how SSL works.

My understanding of the encryption of SSL traffic between a website and users:
The server has a private key and keeps it in its key store.
Then the server distributes its public key to users, and users download the public key when accessing the site through a web browser.
Then the user's computer encrypts data using the public key and sends it to the web server.
Then the web server decrypts the data using its private key.
At this stage the traffic is secured. A man in the middle cannot decrypt data on the path.

But when the web server sends data to the user's computer, how is that traffic secured?
The web server encrypts data using its private key and sends the data to the user's computer.
Since public keys are distributed to anyone, a man in the middle can grab the public key and decrypt the data???

I guess the situation is the same between AD FS servers. If there are multiple AD FS trusts, multiple trust partners have the same public keys. How is traffic from a private key holder to a public key holder secured?
0
Comment
Question by:crcsupport
7 Comments
 
LVL 84

Accepted Solution

by:
ozo earned 500 total points
ID: 40485208
The client sends the server a random key, which the client encrypts with the server's public key but which can only be decrypted with the server's private key.
0
 
LVL 1

Author Comment

by:crcsupport
ID: 40485210
So the private key is used only once, to decrypt the first communication data and extract the random key generated by the client, and then the random key is used from then on?
0
 
LVL 84

Expert Comment

by:ozo
ID: 40485212
Yes.
0
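The exchange ozo describes in the accepted answer and confirms above, worked through end to end as an added example (this code is not from the thread and is not any product's implementation). It models the RSA key-transport handshake of TLS 1.2: the client picks a random pre-master secret, sends it under the server's public key, the server recovers it with its private key, and from then on both directions are protected with symmetric keys derived from that secret. The response from the server is therefore never "encrypted with the private key", which is why holding the public key gains an observer nothing. Assumptions: the RSA here is textbook RSA with two small Mersenne primes (2**61-1 and 2**89-1) and the record cipher is an HMAC-SHA256 keystream plus MAC standing in for AES-GCM; both are toys chosen so the example runs with only the Python standard library, and neither is safe for real use. Function names such as `seal`, `open_record` and `handshake_and_exchange` are invented for this example. Modern TLS 1.3 replaces the RSA transport with ephemeral Diffie-Hellman, but the symmetric record layer that this example ends in is the same idea.

```python
import hashlib
import hmac
import secrets

# Toy RSA parameters: two Mersenne primes and e = 65537 (assumption for this
# example; real keys are 2048-bit or more). n is ~150 bits, enough to carry a
# 16-byte pre-master secret as an integer, and trivially factorable.
P = 2**61 - 1
Q = 2**89 - 1
E = 65537


def rsa_keygen(p=P, q=Q, e=E):
    """Return ((n, e), (n, d)): the server's long-term public and private key."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)


def rsa_encrypt(pub, m):
    """Anyone holding the public key can do this."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message too large for the modulus")
    return pow(m, e, n)


def rsa_decrypt(priv, c):
    """Only the private key holder can do this."""
    n, d = priv
    return pow(c, d, n)


def derive_keys(pre_master, client_random, server_random):
    """Expand the client-chosen secret into one key per direction
    (client->server, server->client), as the TLS PRF splits its key block."""
    seed = client_random + server_random
    c2s = hmac.new(pre_master, b"client write" + seed, hashlib.sha256).digest()
    s2c = hmac.new(pre_master, b"server write" + seed, hashlib.sha256).digest()
    return c2s, s2c


def _keystream(key, nonce, length):
    """HMAC counter-mode keystream; a stand-in for a real stream/AEAD cipher."""
    out = bytearray()
    for ctr in range((length + 31) // 32):
        out += hmac.new(key, b"ks" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(out[:length])


def seal(key, seq, plaintext):
    """Symmetric record: XOR with keystream, then MAC over nonce||ciphertext."""
    nonce = seq.to_bytes(8, "big")
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag


def open_record(key, record):
    """Check the MAC first; a wrong key or a modified record raises ValueError."""
    nonce, ct, tag = record[:8], record[8:-16], record[-16:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad MAC: wrong key or modified record")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def handshake_and_exchange(request=b"GET / HTTP/1.1", response=b"HTTP/1.1 200 OK"):
    """Run one connection and report what each party ended up seeing."""
    server_pub, server_priv = rsa_keygen()        # pair held in the server key store
    client_random = secrets.token_bytes(32)       # both nonces travel in the clear
    server_random = secrets.token_bytes(32)

    # Client: choose a random pre-master secret, send it under the server public key.
    pre_master = secrets.token_bytes(16)
    encrypted_pms = rsa_encrypt(server_pub, int.from_bytes(pre_master, "big"))

    # Server: the private key is used exactly once, here, to recover that secret.
    recovered = rsa_decrypt(server_priv, encrypted_pms).to_bytes(16, "big")

    # Both sides derive identical symmetric keys; the RSA pair plays no further role.
    client_keys = derive_keys(pre_master, client_random, server_random)
    server_keys = derive_keys(recovered, client_random, server_random)

    # Application data in both directions is symmetric, not public/private key.
    rec_c2s = seal(client_keys[0], 0, request)
    rec_s2c = seal(server_keys[1], 0, response)

    # An on-path observer holds server_pub, both randoms, encrypted_pms and both
    # records, but not pre_master. Without the private key it can only guess the
    # pre-master secret (all zeros here), and a wrong guess fails the MAC.
    observer_keys = derive_keys(bytes(16), client_random, server_random)
    try:
        open_record(observer_keys[1], rec_s2c)
        observer_read_it = True
    except ValueError:
        observer_read_it = False

    return {
        "pre_master_recovered": recovered == pre_master,
        "keys_match": client_keys == server_keys,
        "server_sees": open_record(server_keys[0], rec_c2s),
        "client_sees": open_record(client_keys[1], rec_s2c),
        "observer_read_it": observer_read_it,
    }
```

Calling `handshake_and_exchange()` returns a dict in which the server recovered exactly the client's secret, both sides hold the same pair of directional keys, each side reads the other's message, and the observer's attempt on the server-to-client record fails. Note what the private key does and does not do: it unwraps one value at the start of the connection and then sits idle; the server's reply is protected by the server-write key that only the two endpoints can derive.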
 
LVL 1

Author Comment

by:crcsupport
ID: 40485213
I don't know why this very important piece of the process is omitted in many online SSL documents.
Thanks!!!
0
 
LVL 76

Expert Comment

by:arnold
ID: 40485217
While SSL/TLS is the means to secure data exchanges, the AD FS client/server setup is different from web traffic.
Both AD FS servers have to have verifiable certificates (identity assurance).

In web traffic, only the server has a preset private/public key, which is presented within the certificate. During the initial connection, the two sides negotiate the means of communication. The client browser generates a key pair (private/public) that will be used for this session only.
As ozo pointed out, the private key, whether preset (server) or randomly generated (client), is the only means by which encrypted data can be decrypted.
The server private key decrypts data sent by the client, which used the server public key to encrypt.
The server uses the client public key to encrypt responses sent to the client.
The client uses its randomly generated private key to decrypt encrypted data sent by the server.
0
 
LVL 1

Author Comment

by:crcsupport
ID: 40485221
Arnold, I am sorry, I should have waited to give points to you. That's also an important point. A client generates a key pair (private/public key) as well, not just a single random key.
I really had a hard time understanding how this works because there's no means to show visually how it actually works. The only way to understand is by text. Now it all makes sense. The important part is what the client does. They generate keys as well.

I hope anyone having a hard time understanding PKI will find the above two posts very helpful.
0
 
LVL 76

Expert Comment

by:arnold
ID: 40485479
Not an issue on point awarding, ozo's post answered your question to your satisfaction.

SSL/TLS is covered in more detail when discussing the mechanics of the communication negotiation process that establishes the connection.
0
