by Natanael_L
3907 days ago
Here are some of the options:

Client generates a key, encrypts it with the server's RSA key, sends it to the server, and the session starts. This lacks PFS.

Client and server participate in a DH key exchange; the server signs their DH parameters using the RSA key so that the client knows that he's talking to the right person. They now start the session using that DH-generated key. This has PFS.

And there's the same as the above but with DH replaced with elliptic curve DH (a different way of achieving the same thing), and RSA replaced with ECDSA, and a few other options.
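The difference between the first two options, as an added example that is not part of the original comment: it runs both handshakes and checks what a party who recorded the traffic and later obtains the server's RSA private key can derive. It assumes toy parameters constructed for illustration (tiny primes, textbook RSA without padding) and hypothetical function names.

```python
import hashlib
import secrets

# Toy parameters constructed for this example; far too small for real use.
P, Q, E = 2**61 - 1, 2**31 - 1, 65537        # server's RSA primes and public exponent
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))            # server's long-term RSA private exponent
DH_P, DH_G = 2**127 - 1, 3                   # Diffie-Hellman modulus and base

def digest(value):
    """Hash an integer down to something the toy RSA key can sign."""
    return int.from_bytes(hashlib.sha256(str(value).encode()).digest(), "big") % N

def rsa_key_transport():
    """Option 1: client encrypts a fresh session key to the server's RSA key."""
    session_key = secrets.randbelow(N - 2) + 2
    ciphertext = pow(session_key, E, N)      # the only value on the wire
    return [ciphertext], session_key

def signed_dhe():
    """Option 2: ephemeral DH, server signs its DH value with the RSA key."""
    a = secrets.randbelow(DH_P - 3) + 2      # client ephemeral secret
    b = secrets.randbelow(DH_P - 3) + 2      # server ephemeral secret
    A, B = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    signature = pow(digest(B), D, N)         # server authenticates B
    if pow(signature, E, N) != digest(B):    # client checks it before continuing
        raise ValueError("bad server signature")
    session_key = pow(B, a, DH_P)            # server computes the same from A and b
    assert session_key == pow(A, b, DH_P)
    return [A, B, signature], session_key    # a and b are discarded here

def derivable_with_stolen_rsa_key(recorded):
    """Values a holder of D can compute from a recorded handshake."""
    return {pow(value, D, N) for value in recorded}

def session_exposed(handshake):
    """True if the session key falls out of the recording plus the RSA key."""
    recorded, session_key = handshake()
    return session_key in derivable_with_stolen_rsa_key(recorded)

if __name__ == "__main__":
    print("RSA key transport exposed:", session_exposed(rsa_key_transport))
    print("Signed DHE exposed:       ", session_exposed(signed_dhe))
```

In the signed DH case the RSA key only ever authenticated the exchange, so recovering the session key would require one of the discarded ephemeral secrets.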