next up previous
Next: 4. Client Finish Up: The SSL protocol Previous: 2. Server Hello

3. Client Master Key

If a matching session key was not found the client chooses a cipher and a master key for this session and sends it to the server in the Client Master Key message.

USA export restrictions limit the size of encryption keys that can be used in products exported from the US. However most modern encryption algorithms use long keys. To allow standard algorithms to be used, without violating US export restrictions the protocol only keeps 40 bits of the key secret. The rest is sent as unencrypted (clear) text. Products not exported from the USA (either because they were built elsewhere or because they are only used within the USA) can use longer encrypted keys. The number of bits sent in each component is determined by the cipher choice.

The appropriate bits of the master key are encrypted using RSA public key encryption and the servers public key from the server certificate that was sent in the server hello message.

If the encryption algorithm requires some initialisation data this is sent in the key argument field.

Tony McGregor
Fri Jun 23 19:57:11 NZST 1995