Derek Shinaberry wrote: > Can someone help me understand why you must have the server's private > key in order to be able to decrypt the session between the client and > the server? It seems to me that if the server and client can conduct > the session without the client ever knowing the server's private key, > then a capture of the session on the client's side ought to be able > to decrypt the session using just what is in the SSL handshake > exchange. What don't I understand about the process that precludes > this behavior?
You might want to read: http://en.wikipedia.org/wiki/Public_key_cryptography _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
