Is the most complex part about TLS. It allows client and server to:
It has four phases.
Why is ClientKeyExchange needed? → So the client can send encrypted things to server.
As we know we can use RSA or DH to exchange keys. One thing to keep in mind is perfect forward secrecy.
Means that if an attacker gets a hold of the private key, he can’t decrypt older sessions with it. The private keys should not have anything to do with each other.
RSA does not have perfect forward secrecy.
DH has perfect forward secrecy
Premaster Secret → DH shared secret, RSA encrypted message…
PRF → Pseudo-Random Function