Anybody know how https *really* works? I didn't think so

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

So my book on https and Windows Communication Foundation technology
says that if any computer between your SSL certificate secured
computer and the client machine reading this certificate does not
support SSL, then the entire https link is not secure and your data
can be compromised.  That makes no sense to me, because I thought the
entire data stream is encrypted, but that's what it says.  And I've
even seen this on the net.

So why do people blindly trust SSL and HTTPS as if it's unbreakable?
Is it because most traffic goes through at most two or three hops, and
likely these hops are up-to-date and support SSL?

Even if so, you're taking a risk that somewhere between somebody will
fail to support SSL and your message will be unencrypted.

Bet most if not all of you reading this thread did not know this.  So
called experts, right.


Site Timeline