HTTPS connections - How are the keypairs managed
In an HTTPS connection, a client and a server exchange public keys and use these keys to encrypt their messages using an algorithm (e.g. RSA) (Asymmetric encryption). Interestingly, for HTTPS connections on web, after both sides assure they have a secure channel, they transmit a key for sending further messages encrypted by another algorithm (Symmetric encryption). Symmetric encryption is used because asymmetric encryption is computationally heavy. After they agree upon a single secret encryption key, the server and client can easily transmit messages (text, images, heavy video, etc).
Now, my questions are : How is the keypair(s) used for https connections managed? Does the OS manage them or is it the browsers? Where are they stored? Can one change them? Is a (new) keypair generated for every https connection that a client makes?
Logically, a single keypair will serve a client for lifetime. So each OS needs to have a bunch of keys of various lengths generated for each algorithm.
Specifically, I'm very curious about how it is done in android. I am trying to decide on how to manage https connections in my app, but I didn't find any libraries that allow me to use a specific keypair for the connection, and that made me thinking about all these stuff.
android encryption https cryptography operating-system asked Nov 20 '18 at 19:13
Shamshun
6019
add a comment |
In an HTTPS connection, a client and a server exchange public keys and use these keys to encrypt their messages using an algorithm (e.g. RSA) (Asymmetric encryption). Interestingly, for HTTPS connections on web, after both sides assure they have a secure channel, they transmit a key for sending further messages encrypted by another algorithm (Symmetric encryption). Symmetric encryption is used because asymmetric encryption is computationally heavy. After they agree upon a single secret encryption key, the server and client can easily transmit messages (text, images, heavy video, etc).
Now, my questions are : How is the keypair(s) used for https connections managed? Does the OS manage them or is it the browsers? Where are they stored? Can one change them? Is a (new) keypair generated for every https connection that a client makes?
Logically, a single keypair will serve a client for lifetime. So each OS needs to have a bunch of keys of various lengths generated for each algorithm.
Specifically, I'm very curious about how it is done in android. I am trying to decide on how to manage https connections in my app, but I didn't find any libraries that allow me to use a specific keypair for the connection, and that made me thinking about all these stuff.
android encryption https cryptography operating-system asked Nov 20 '18 at 19:13
Shamshun
6019
add a comment |
In an HTTPS connection, a client and a server exchange public keys and use these keys to encrypt their messages using an algorithm (e.g. RSA) (Asymmetric encryption). Interestingly, for HTTPS connections on web, after both sides assure they have a secure channel, they transmit a key for sending further messages encrypted by another algorithm (Symmetric encryption). Symmetric encryption is used because asymmetric encryption is computationally heavy. After they agree upon a single secret encryption key, the server and client can easily transmit messages (text, images, heavy video, etc).
Now, my questions are : How is the keypair(s) used for https connections managed? Does the OS manage them or is it the browsers? Where are they stored? Can one change them? Is a (new) keypair generated for every https connection that a client makes?
Logically, a single keypair will serve a client for lifetime. So each OS needs to have a bunch of keys of various lengths generated for each algorithm.
Specifically, I'm very curious about how it is done in android. I am trying to decide on how to manage https connections in my app, but I didn't find any libraries that allow me to use a specific keypair for the connection, and that made me thinking about all these stuff.
android encryption https cryptography operating-system asked Nov 20 '18 at 19:13
Shamshun
6019
In an HTTPS connection, a client and a server exchange public keys and use these keys to encrypt their messages using an algorithm (e.g. RSA) (Asymmetric encryption). Interestingly, for HTTPS connections on web, after both sides assure they have a secure channel, they transmit a key for sending further messages encrypted by another algorithm (Symmetric encryption). Symmetric encryption is used because asymmetric encryption is computationally heavy. After they agree upon a single secret encryption key, the server and client can easily transmit messages (text, images, heavy video, etc).
Now, my questions are : How is the keypair(s) used for https connections managed? Does the OS manage them or is it the browsers? Where are they stored? Can one change them? Is a (new) keypair generated for every https connection that a client makes?
Logically, a single keypair will serve a client for lifetime. So each OS needs to have a bunch of keys of various lengths generated for each algorithm.
Specifically, I'm very curious about how it is done in android. I am trying to decide on how to manage https connections in my app, but I didn't find any libraries that allow me to use a specific keypair for the connection, and that made me thinking about all these stuff.
android encryption https cryptography operating-system android encryption https cryptography operating-system asked Nov 20 '18 at 19:13
Shamshun
6019
asked Nov 20 '18 at 19:13
Shamshun
6019
asked Nov 20 '18 at 19:13
Shamshun
6019
asked Nov 20 '18 at 19:13
Shamshun
6019
asked Nov 20 '18 at 19:13
Shamshun
6019
6019
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
In an HTTPS connection, a client and a server exchange public keys and use these keys to encrypt their messages using an algorithm (e.g. RSA) (Asymmetric encryption)
This is not true. The key pairs are used to establish a pre-master secret, from which the symmetric keys are derived. This can be done by using key agreement (DH/DHE/ECDH/ECDHE ciphersuites) in TLS up to and including TLS 1.3. In earlier versions of the standard it is also possible to encrypt that secret - generated by the client - using RSA encryption, just using the key pair of the server.
Interestingly, for HTTPS connections on web, after both sides assure they have a secure channel, they transmit a key for sending further messages encrypted by another algorithm (Symmetric encryption).
No, the pre-master secret is used to generate the master secret, which is then used to derive the session keys using a key derivation function, generally called a PRF in TLS standards up to 1.3.
Symmetric encryption is used because asymmetric encryption is computationally heavy.
It also expands the ciphertexts by a much larger amount than asymmetric encryption. It is a misconception that it depends just on being computationally heavy. Otherwise this is correct.
After they agree upon a single secret encryption key, the server and client can easily transmit messages (text, images, heavy video, etc).
No. First of all the previous messages need to be authenticated. Otherwise an attacker could insert information to attack the scheme. Furthermore, two to four keys are used to encrypt the data frames. If a cipher with authentication is needed then one key is used to create messages in either direction. If a cipher without authentication is used then another key is needed for each direction to provide integrity and authenticity by calculating a MAC - commonly HMAC.
Now, my questions are : How is the keypair(s) used for https connections managed?
That depends on the key pair and the implementation.
Does the OS manage them or is it the browsers?
That depends as well. Firefox certainly manages it's own keys and certificates. However IE and Edge generally use SChannel, a TLS implementation within Windows that uses the Windows certificate / key store.
Where are they stored?
Ephemeral (temporary) key pairs are generally kept in memory. Static key pairs are generally kept in permanent storage or they may even be hardware protected.
Can one change them?
No, you can generate new ones, but if you change them then they will not be valid anymore.
Is a (new) keypair generated for every https connection that a client makes?
The E in DHE and ECDHE based ciphersuites means ephemeral. For the - sparsely used - DH and ECDH schemes one key pair is static and the other one is ephemeral. Otherwise key pairs are static and the answer is no. The public keys of static key pairs are generally within X.509 certificates. To use static key pairs it is important to establish trust in the public key.
Logically, a single keypair will serve a client for lifetime. So each OS needs to have a bunch of keys of various lengths generated for each algorithm.
That's complete and utter nonsense. A client will generally not even have a key pair. Certificates all have a validity period in which they need used. A client commonly doesn't even have a certificate. Keys need to be renewed. Ephemeral key pairs are generated on the fly.
Specifically, I'm very curious about how it is done in android. I am trying to decide on how to manage https connections in my app, but I didn't find any libraries that allow me to use a specific keypair for the connection, and that made me thinking about all these stuff.
You should not be thinking, because anything you wrote above is utterly wrong (well except for that single sentence, which is merely incomplete). You should be reading - for the TLS RFC's for starters. Thinking comes after you've established a sufficient base of knowledge.
If you have any interesting thoughts now: write them down, learn, and then check if they are worth keeping.
answered Nov 21 '18 at 16:12
Maarten Bodewes
61.4k1077172
Note that I've also voted to close this. I have posted it as you have shown clear interest in TLS, so please see this as a short personal tutorial on the subject.
– Maarten Bodewes
Nov 21 '18 at 18:19
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53399983%2fhttps-connections-how-are-the-keypairs-managed%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
In an HTTPS connection, a client and a server exchange public keys and use these keys to encrypt their messages using an algorithm (e.g. RSA) (Asymmetric encryption)
This is not true. The key pairs are used to establish a pre-master secret, from which the symmetric keys are derived. This can be done by using key agreement (DH/DHE/ECDH/ECDHE ciphersuites) in TLS up to and including TLS 1.3. In earlier versions of the standard it is also possible to encrypt that secret - generated by the client - using RSA encryption, just using the key pair of the server.
Interestingly, for HTTPS connections on web, after both sides assure they have a secure channel, they transmit a key for sending further messages encrypted by another algorithm (Symmetric encryption).
No, the pre-master secret is used to generate the master secret, which is then used to derive the session keys using a key derivation function, generally called a PRF in TLS standards up to 1.3.
Symmetric encryption is used because asymmetric encryption is computationally heavy.
It also expands the ciphertexts by a much larger amount than asymmetric encryption. It is a misconception that it depends just on being computationally heavy. Otherwise this is correct.
After they agree upon a single secret encryption key, the server and client can easily transmit messages (text, images, heavy video, etc).
No. First of all the previous messages need to be authenticated. Otherwise an attacker could insert information to attack the scheme. Furthermore, two to four keys are used to encrypt the data frames. If a cipher with authentication is needed then one key is used to create messages in either direction. If a cipher without authentication is used then another key is needed for each direction to provide integrity and authenticity by calculating a MAC - commonly HMAC.
Now, my questions are : How is the keypair(s) used for https connections managed?
That depends on the key pair and the implementation.
Does the OS manage them or is it the browsers?
That depends as well. Firefox certainly manages it's own keys and certificates. However IE and Edge generally use SChannel, a TLS implementation within Windows that uses the Windows certificate / key store.
Where are they stored?
Ephemeral (temporary) key pairs are generally kept in memory. Static key pairs are generally kept in permanent storage or they may even be hardware protected.
Can one change them?
No, you can generate new ones, but if you change them then they will not be valid anymore.
Is a (new) keypair generated for every https connection that a client makes?
The E in DHE and ECDHE based ciphersuites means ephemeral. For the - sparsely used - DH and ECDH schemes one key pair is static and the other one is ephemeral. Otherwise key pairs are static and the answer is no. The public keys of static key pairs are generally within X.509 certificates. To use static key pairs it is important to establish trust in the public key.
Logically, a single keypair will serve a client for lifetime. So each OS needs to have a bunch of keys of various lengths generated for each algorithm.
That's complete and utter nonsense. A client will generally not even have a key pair. Certificates all have a validity period in which they need used. A client commonly doesn't even have a certificate. Keys need to be renewed. Ephemeral key pairs are generated on the fly.
Specifically, I'm very curious about how it is done in android. I am trying to decide on how to manage https connections in my app, but I didn't find any libraries that allow me to use a specific keypair for the connection, and that made me thinking about all these stuff.
You should not be thinking, because anything you wrote above is utterly wrong (well except for that single sentence, which is merely incomplete). You should be reading - for the TLS RFC's for starters. Thinking comes after you've established a sufficient base of knowledge.
If you have any interesting thoughts now: write them down, learn, and then check if they are worth keeping.
answered Nov 21 '18 at 16:12
Maarten Bodewes
61.4k1077172
Note that I've also voted to close this. I have posted it as you have shown clear interest in TLS, so please see this as a short personal tutorial on the subject.
– Maarten Bodewes
Nov 21 '18 at 18:19
add a comment |
In an HTTPS connection, a client and a server exchange public keys and use these keys to encrypt their messages using an algorithm (e.g. RSA) (Asymmetric encryption)
This is not true. The key pairs are used to establish a pre-master secret, from which the symmetric keys are derived. This can be done by using key agreement (DH/DHE/ECDH/ECDHE ciphersuites) in TLS up to and including TLS 1.3. In earlier versions of the standard it is also possible to encrypt that secret - generated by the client - using RSA encryption, just using the key pair of the server.
Interestingly, for HTTPS connections on web, after both sides assure they have a secure channel, they transmit a key for sending further messages encrypted by another algorithm (Symmetric encryption).
No, the pre-master secret is used to generate the master secret, which is then used to derive the session keys using a key derivation function, generally called a PRF in TLS standards up to 1.3.
Symmetric encryption is used because asymmetric encryption is computationally heavy.
It also expands the ciphertexts by a much larger amount than asymmetric encryption. It is a misconception that it depends just on being computationally heavy. Otherwise this is correct.
After they agree upon a single secret encryption key, the server and client can easily transmit messages (text, images, heavy video, etc).
No. First of all the previous messages need to be authenticated. Otherwise an attacker could insert information to attack the scheme. Furthermore, two to four keys are used to encrypt the data frames. If a cipher with authentication is needed then one key is used to create messages in either direction. If a cipher without authentication is used then another key is needed for each direction to provide integrity and authenticity by calculating a MAC - commonly HMAC.
Now, my questions are : How is the keypair(s) used for https connections managed?
That depends on the key pair and the implementation.
Does the OS manage them or is it the browsers?
That depends as well. Firefox certainly manages it's own keys and certificates. However IE and Edge generally use SChannel, a TLS implementation within Windows that uses the Windows certificate / key store.
Where are they stored?
Ephemeral (temporary) key pairs are generally kept in memory. Static key pairs are generally kept in permanent storage or they may even be hardware protected.
Can one change them?
No, you can generate new ones, but if you change them then they will not be valid anymore.
Is a (new) keypair generated for every https connection that a client makes?
The E in DHE and ECDHE based ciphersuites means ephemeral. For the - sparsely used - DH and ECDH schemes one key pair is static and the other one is ephemeral. Otherwise key pairs are static and the answer is no. The public keys of static key pairs are generally within X.509 certificates. To use static key pairs it is important to establish trust in the public key.
Logically, a single keypair will serve a client for lifetime. So each OS needs to have a bunch of keys of various lengths generated for each algorithm.
That's complete and utter nonsense. A client will generally not even have a key pair. Certificates all have a validity period in which they need used. A client commonly doesn't even have a certificate. Keys need to be renewed. Ephemeral key pairs are generated on the fly.
Specifically, I'm very curious about how it is done in android. I am trying to decide on how to manage https connections in my app, but I didn't find any libraries that allow me to use a specific keypair for the connection, and that made me thinking about all these stuff.
You should not be thinking, because anything you wrote above is utterly wrong (well except for that single sentence, which is merely incomplete). You should be reading - for the TLS RFC's for starters. Thinking comes after you've established a sufficient base of knowledge.
If you have any interesting thoughts now: write them down, learn, and then check if they are worth keeping.
answered Nov 21 '18 at 16:12
Maarten Bodewes
61.4k1077172
Note that I've also voted to close this. I have posted it as you have shown clear interest in TLS, so please see this as a short personal tutorial on the subject.
– Maarten Bodewes
Nov 21 '18 at 18:19
add a comment |
In an HTTPS connection, a client and a server exchange public keys and use these keys to encrypt their messages using an algorithm (e.g. RSA) (Asymmetric encryption)
This is not true. The key pairs are used to establish a pre-master secret, from which the symmetric keys are derived. This can be done by using key agreement (DH/DHE/ECDH/ECDHE ciphersuites) in TLS up to and including TLS 1.3. In earlier versions of the standard it is also possible to encrypt that secret - generated by the client - using RSA encryption, just using the key pair of the server.
Interestingly, for HTTPS connections on web, after both sides assure they have a secure channel, they transmit a key for sending further messages encrypted by another algorithm (Symmetric encryption).
No, the pre-master secret is used to generate the master secret, which is then used to derive the session keys using a key derivation function, generally called a PRF in TLS standards up to 1.3.
Symmetric encryption is used because asymmetric encryption is computationally heavy.
It also expands the ciphertexts by a much larger amount than asymmetric encryption. It is a misconception that it depends just on being computationally heavy. Otherwise this is correct.
After they agree upon a single secret encryption key, the server and client can easily transmit messages (text, images, heavy video, etc).
No. First of all the previous messages need to be authenticated. Otherwise an attacker could insert information to attack the scheme. Furthermore, two to four keys are used to encrypt the data frames. If a cipher with authentication is needed then one key is used to create messages in either direction. If a cipher without authentication is used then another key is needed for each direction to provide integrity and authenticity by calculating a MAC - commonly HMAC.
Now, my questions are : How is the keypair(s) used for https connections managed?
That depends on the key pair and the implementation.
Does the OS manage them or is it the browsers?
That depends as well. Firefox certainly manages it's own keys and certificates. However IE and Edge generally use SChannel, a TLS implementation within Windows that uses the Windows certificate / key store.
Where are they stored?
Ephemeral (temporary) key pairs are generally kept in memory. Static key pairs are generally kept in permanent storage or they may even be hardware protected.
Can one change them?
No, you can generate new ones, but if you change them then they will not be valid anymore.
Is a (new) keypair generated for every https connection that a client makes?
The E in DHE and ECDHE based ciphersuites means ephemeral. For the - sparsely used - DH and ECDH schemes one key pair is static and the other one is ephemeral. Otherwise key pairs are static and the answer is no. The public keys of static key pairs are generally within X.509 certificates. To use static key pairs it is important to establish trust in the public key.
Logically, a single keypair will serve a client for lifetime. So each OS needs to have a bunch of keys of various lengths generated for each algorithm.
That's complete and utter nonsense. A client will generally not even have a key pair. Certificates all have a validity period in which they need used. A client commonly doesn't even have a certificate. Keys need to be renewed. Ephemeral key pairs are generated on the fly.
Specifically, I'm very curious about how it is done in android. I am trying to decide on how to manage https connections in my app, but I didn't find any libraries that allow me to use a specific keypair for the connection, and that made me thinking about all these stuff.
You should not be thinking, because anything you wrote above is utterly wrong (well except for that single sentence, which is merely incomplete). You should be reading - for the TLS RFC's for starters. Thinking comes after you've established a sufficient base of knowledge.
If you have any interesting thoughts now: write them down, learn, and then check if they are worth keeping.
answered Nov 21 '18 at 16:12
Maarten Bodewes
61.4k1077172
In an HTTPS connection, a client and a server exchange public keys and use these keys to encrypt their messages using an algorithm (e.g. RSA) (Asymmetric encryption)
This is not true. The key pairs are used to establish a pre-master secret, from which the symmetric keys are derived. This can be done by using key agreement (DH/DHE/ECDH/ECDHE ciphersuites) in TLS up to and including TLS 1.3. In earlier versions of the standard it is also possible to encrypt that secret - generated by the client - using RSA encryption, just using the key pair of the server.
Interestingly, for HTTPS connections on web, after both sides assure they have a secure channel, they transmit a key for sending further messages encrypted by another algorithm (Symmetric encryption).
No, the pre-master secret is used to generate the master secret, which is then used to derive the session keys using a key derivation function, generally called a PRF in TLS standards up to 1.3.
Symmetric encryption is used because asymmetric encryption is computationally heavy.
It also expands the ciphertexts by a much larger amount than asymmetric encryption. It is a misconception that it depends just on being computationally heavy. Otherwise this is correct.
After they agree upon a single secret encryption key, the server and client can easily transmit messages (text, images, heavy video, etc).
No. First of all the previous messages need to be authenticated. Otherwise an attacker could insert information to attack the scheme. Furthermore, two to four keys are used to encrypt the data frames. If a cipher with authentication is needed then one key is used to create messages in either direction. If a cipher without authentication is used then another key is needed for each direction to provide integrity and authenticity by calculating a MAC - commonly HMAC.
Now, my questions are : How is the keypair(s) used for https connections managed?
That depends on the key pair and the implementation.
Does the OS manage them or is it the browsers?
That depends as well. Firefox certainly manages it's own keys and certificates. However IE and Edge generally use SChannel, a TLS implementation within Windows that uses the Windows certificate / key store.
Where are they stored?
Ephemeral (temporary) key pairs are generally kept in memory. Static key pairs are generally kept in permanent storage or they may even be hardware protected.
Can one change them?
No, you can generate new ones, but if you change them then they will not be valid anymore.
Is a (new) keypair generated for every https connection that a client makes?
The E in DHE and ECDHE based ciphersuites means ephemeral. For the - sparsely used - DH and ECDH schemes one key pair is static and the other one is ephemeral. Otherwise key pairs are static and the answer is no. The public keys of static key pairs are generally within X.509 certificates. To use static key pairs it is important to establish trust in the public key.
Logically, a single keypair will serve a client for lifetime. So each OS needs to have a bunch of keys of various lengths generated for each algorithm.
That's complete and utter nonsense. A client will generally not even have a key pair. Certificates all have a validity period in which they need used. A client commonly doesn't even have a certificate. Keys need to be renewed. Ephemeral key pairs are generated on the fly.
Specifically, I'm very curious about how it is done in android. I am trying to decide on how to manage https connections in my app, but I didn't find any libraries that allow me to use a specific keypair for the connection, and that made me thinking about all these stuff.
You should not be thinking, because anything you wrote above is utterly wrong (well except for that single sentence, which is merely incomplete). You should be reading - for the TLS RFC's for starters. Thinking comes after you've established a sufficient base of knowledge.
If you have any interesting thoughts now: write them down, learn, and then check if they are worth keeping.
answered Nov 21 '18 at 16:12
Maarten Bodewes
61.4k1077172
edited Nov 21 '18 at 16:18
answered Nov 21 '18 at 16:12
Maarten Bodewes
61.4k1077172
answered Nov 21 '18 at 16:12
Maarten Bodewes
61.4k1077172
answered Nov 21 '18 at 16:12
Maarten Bodewes
61.4k1077172
61.4k1077172
Note that I've also voted to close this. I have posted it as you have shown clear interest in TLS, so please see this as a short personal tutorial on the subject.
– Maarten Bodewes
Nov 21 '18 at 18:19
add a comment |
Note that I've also voted to close this. I have posted it as you have shown clear interest in TLS, so please see this as a short personal tutorial on the subject.
– Maarten Bodewes
Nov 21 '18 at 18:19
Note that I've also voted to close this. I have posted it as you have shown clear interest in TLS, so please see this as a short personal tutorial on the subject.
– Maarten Bodewes
Nov 21 '18 at 18:19
Note that I've also voted to close this. I have posted it as you have shown clear interest in TLS, so please see this as a short personal tutorial on the subject.
– Maarten Bodewes
Nov 21 '18 at 18:19
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53399983%2fhttps-connections-how-are-the-keypairs-managed%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
