Question
A man in middle can decrypt the certificate(public key for decryption is available on everywhere) and steal the public key for the session. Now the middle man can read all encrypted messages from web server to client. But cannot read messages from client to server. So how does HTTPS avoid this?
Solution
You're quite simply misunderstanding how asymmetric cryptography works:
The public key in the certificate will NOT let you decrypt anything, it's not what it's for.
OTHER TIPS
Man in the middle can see public key as part of certificate, but cannot see the private key.
Peer has to trust public key because it's signed by some CA they know in advance.
That's fundamentally it.
https://stackoverflow.com/questions/23406005
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian