Question

Say I have a trivial client-server PHP SSL application.
- Server generates a private/public key.
- Server starts to listen on a socket.
- Client connects to the socket:
  stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_SSLv3_CLIENT)

How does it work? Does the client generate a private/public key on the fly and store it in memory?

And the same question for browser HTTPS: does the browser do the same, i.e. generate a private/public key on the fly?

In general: where does the client get its keys from?


Solution

  • Server generates a private/public key.

No. The server already has a public and private key, installed.

  • Server starts to listen on a socket.

No. The server starts to listen at a port. This is done by means of a socket.

  • Client connects to the socket: stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_SSLv3_CLIENT)

Yes.

How does it work? Does the client generate a private/public key on the fly and store it in memory?

No. The client doesn't usually have a public or private key, but if it does it is already installed. The client doesn't need these for basic SSL to work.

And the same question for browser HTTPS: does the browser do the same, i.e. generate a private/public key on the fly?

See above. Same answer.

In general: where does the client get its keys from?

I think you are suffering from the widespread misapprehension that SSL uses public/private cryptography only. It doesn't. It uses a symmetric session key which is negotiated and calculated independently by both peers. PKI is only used in SSL to authenticate the peers to each other.

In any case your questions about 'generating' a public/private keypair at runtime don't make sense. A keypair is only useful if the peer already has the public key.

You seem to have been reading a lot of misinformation. There's a lot of it out there, notoriously including the so-called 'Linux Documentation Project'. The normative reference for this is RFC 2246 and successors, and there is an excellent book by Eric Rescorla on SSL as well.
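To make the answer's point concrete (the session key is symmetric and is computed independently by both peers, and the client needs no key pair of its own), here is an added, self-contained Python model of the key-agreement part of a TLS-style handshake. It is not code from the question, the answer, or PHP's stream layer: it uses a Diffie-Hellman exchange over an illustrative 512-bit prime generated at runtime (real TLS uses standardized, much larger finite-field groups or elliptic curves), and an HKDF-style derivation of the session keys from the shared secret. Server authentication is deliberately not modelled; the comments mark where the server's installed certificate and private key would sign its share.

```python
import hashlib
import hmac
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test (illustrative; stdlib has no prime helper)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits=512):
    """Constructed, illustrative DH group: a random prime p and generator g=2.
    Real deployments use fixed, vetted groups; this exists only so the example
    runs offline with no external constants."""
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(p):
            return p, 2


def derive_session_keys(shared_secret, client_random, server_random):
    """HKDF-style (RFC 5869 shape) derivation of two directional symmetric keys.
    Both peers run this on the same inputs and so obtain identical keys."""
    ikm = shared_secret.to_bytes((shared_secret.bit_length() + 7) // 8, "big")
    prk = hmac.new(client_random + server_random, ikm, hashlib.sha256).digest()
    client_write = hmac.new(prk, b"client write key\x01", hashlib.sha256).digest()
    server_write = hmac.new(prk, client_write + b"server write key\x02",
                            hashlib.sha256).digest()
    return client_write, server_write


def handshake(p, g):
    """Run the key-agreement half of a handshake in-process and return what
    each side computed on its own. Neither side needs a long-term key pair for
    this step; the server's installed certificate/private key would be used
    only to SIGN server_share so the client can authenticate the server."""
    client_random = secrets.token_bytes(32)
    server_random = secrets.token_bytes(32)
    # Ephemeral exponents: generated for this connection and discarded afterwards.
    client_exp = secrets.randbelow(p - 2) + 1
    server_exp = secrets.randbelow(p - 2) + 1
    client_share = pow(g, client_exp, p)   # sent in the clear
    server_share = pow(g, server_exp, p)   # sent in the clear (signed in real TLS)
    # Each side combines the peer's public share with its own secret exponent.
    client_secret = pow(server_share, client_exp, p)
    server_secret = pow(client_share, server_exp, p)
    return {
        "client_keys": derive_session_keys(client_secret, client_random, server_random),
        "server_keys": derive_session_keys(server_secret, client_random, server_random),
        # Everything an eavesdropper sees; it does not include either exponent.
        "transcript": (client_random, server_random, client_share, server_share),
    }


if __name__ == "__main__":
    p, g = make_group()
    result = handshake(p, g)
    print("keys match:", result["client_keys"] == result["server_keys"])
```

The client contributes only a fresh random exponent and a 32-byte nonce, both created for this connection; the one long-term key pair in the picture belongs to the server, and it matters only for authenticating the server's share, exactly as the answer says.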

Licensed under: CC-BY-SA with attribution