1
votes

I have a question about security.

When I visit a website over HTTPS, data sent from the browser is encrypted. But what about data received from the server?

For example, if visited pages display confidential information, how can this information be encrypted on server side and decrypted on client side, given that the browser doesn't know the private SSL key?

1
Yes, the request and response are both encrypted. After negotiation, a new shared secret/key is used for symmetric stream encryption. – user2864740
The two browsers which are talking to each other do know the SSL keys for the particular algorithm which they have both agreed to use. Google is your friend: robertheaton.com/2014/03/27/how-does-https-actually-work – Tim Biegeleisen

1 Answer

2
votes

When you start an https session, your browser and the server negotiate a session key. This key is what is used to encrypt data that you send to the server, and data the server sends to you. The server's public key is only used to authenticate the server and initiate the handshake.
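The negotiation described in this answer, as an added sketch that is not part of the original answer and not real TLS code: both sides derive the same per-direction session keys without either private value crossing the wire, and the server's response is encrypted under a key the browser already holds. Assumptions: the Diffie-Hellman parameters are constructed demo values, an HMAC-SHA256 keystream stands in for the AES-GCM or ChaCha20 ciphers TLS uses, and the certificate check that authenticates the server is left out.

```python
import hashlib, hmac, secrets

# Constructed demo parameters (assumption): a small known prime, not a real TLS group.
P = 2**255 - 19
G = 2

def keypair():
    """Ephemeral key pair; only the public half is ever sent to the peer."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_keys(my_priv, peer_pub, transcript):
    """Derive (client->server key, server->client key) from the shared secret."""
    shared = pow(peer_pub, my_priv, P).to_bytes(32, "big")
    prk = hmac.new(transcript, shared, hashlib.sha256).digest()
    return (hmac.new(prk, b"client->server", hashlib.sha256).digest(),
            hmac.new(prk, b"server->client", hashlib.sha256).digest())

def _stream(key, seq, n):
    # Stand-in keystream: HMAC-SHA256 in counter mode, bound to the record number.
    out, i = b"", 0
    while len(out) < n:
        block = b"ks" + seq.to_bytes(8, "big") + i.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        i += 1
    return out[:n]

def _tag(key, seq, ct):
    return hmac.new(key, b"tag" + seq.to_bytes(8, "big") + ct, hashlib.sha256).digest()

def seal(key, seq, plaintext):
    """Encrypt one record and append a 32-byte integrity tag."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, seq, len(plaintext))))
    return ct + _tag(key, seq, ct)

def open_(key, seq, record):
    """Verify the tag first, then decrypt; raises ValueError on tampering."""
    ct, tag = record[:-32], record[-32:]
    if not hmac.compare_digest(tag, _tag(key, seq, ct)):
        raise ValueError("record failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, seq, len(ct))))

def demo():
    c_priv, c_pub = keypair()            # browser
    s_priv, s_pub = keypair()            # server
    transcript = c_pub.to_bytes(32, "big") + s_pub.to_bytes(32, "big")
    client = session_keys(c_priv, s_pub, transcript)
    server = session_keys(s_priv, c_pub, transcript)
    record = seal(server[1], 0, b"balance: 1,234.56")   # server -> client
    return client == server, record, open_(client[1], 0, record)
```
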