HTTP Secure, Part II. Is Diffie-Hellman always used in the HTTPS key exchange?


In this post, Premier Developer consultant Lizet Pena De Sola explains Diffie-Hellman in the HTTPS key exchange.


I got a question right after I had spent a week in training classes for the CompTIA Security+ exam: to describe how HTTP Secure (HTTPS) modifies the HTTP traffic between a client browser and the server. At the end of my explanation, this person also asked me what the role of the Diffie-Hellman algorithm was in the whole process.

Read the rest on Lizet Pena De Sola's blog here.

Comments (2)

  1. Paul Bichis says:

    Diffie-Hellman Key is NOT ALWAYS used in HTTPS key exchange. If you want to add an extra layer of security you can use it.

    Diffie-Hellman Key is mostly used for key exchange, but it does nothing for authentication.
    DH key is secure for some purposes, but massively insecure for others as it isn’t designed for those other purposes.
    I don’t use DH for HTTPS but I use DH for OpenVPN key exchange.

    1. Laura Shelby says:

      @Paul Bichis.
      Great point!
      You are correct, Diffie-Hellman is not always used and is not related to authentication. The algorithm itself was actually devised before the HTTP protocol came about. Most of the session key exchanges in HTTPS do not use D-H. The article starts from a misconception, but tries to set the record straight.
