![axway secure transport 5.4 axway secure transport 5.4](https://img.yumpu.com/5698225/1/500x640/ebics-kompendium-ppi-ag.jpg)
The keys for this symmetric encryption are generated uniquely for each connection and are based on a shared secret that was negotiated at the start of the session. The connection is private (or secure) because a symmetric-key algorithm is used to encrypt the data transmitted.When secured by TLS, connections between a client (e.g., a web browser) and a server (e.g., ) should have one or more of the following properties: However, applications generally use TLS as if it were a transport layer, even though applications using TLS must actively control initiating TLS handshakes and handling of exchanged authentication certificates. It serves encryption to higher layers, which is normally the function of the presentation layer. TLS runs "on top of some reliable transport protocol (e.g., TCP)," which would imply that it is above the transport layer. TLS and SSL do not fit neatly into any single layer of the OSI model or the TCP/IP model. If any one of the above steps fails, then the TLS handshake fails and the connection is not created. This concludes the handshake and begins the secured connection, which is encrypted and decrypted with the session key until the connection closes. uses Diffie–Hellman key exchange to securely generate a random and unique session key for encryption and decryption that has the additional property of forward secrecy: if the server's private key is disclosed in future, it cannot be used to decrypt the current session, even if the session is intercepted and recorded by a third party.encrypts a random number ( PreMasterSecret) with the server's public key and sends the result to the server (which only the server should be able to decrypt with its private key) both parties then use the random number to generate a unique session key for subsequent encryption and decryption of data during the session.To generate the session keys used for the secure connection, the client either:.The client confirms the validity of the certificate before proceeding.
![axway secure transport 5.4 axway secure transport 5.4](https://img.yumpu.com/6800092/1/500x640/alphaserver-systems-openvms-application-status-report-as-of-.jpg)
The certificate contains the server name, the trusted certificate authority (CA) that vouches for the authenticity of the certificate, and the server's public encryption key. The server usually then provides identification in the form of a digital certificate.
![axway secure transport 5.4 axway secure transport 5.4](https://www.oop-konferenz.de/fileadmin/_processed_/8/b/csm_Grafik_programm_pdf_bd822a8aab.png)