The first truely informative video I have seen on SSL. 11 worthwile minutes.
I am still left with a question on what the client says to the server before there is a handshake.
Does it say: https://www.server.com (and the rest will follow later, mkay?)
or does it say: https://www.server.com?password=’Good passw0rd!!’ please let’s encrypt.
Obviously in the latter, your password has been sent unencrypted over the net and only what is sent after the handshake will be encrypted.
Which brings me to question 2: is the handshake about the one question or is it about the whole session? Are cookies involved?
Waaay outside of my comfort zone here 🙂 I wrote the maker of this video…patiently awaiting a reply!
