This article is within the scope of WikiProject Internet, a collaborative effort to improve the coverage of the internet on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
This sentence is confusing/incorrect "[...] software is required to decrypt the SSL session key (an asymmetric key) that has been sent to it from the SSL client (usually a web browser)". There was a modification in this revision(small typo - handshake uses asymmetric keys (public/private pair)).
The problem is that the session key is the symmetric key: that's what's encrypted and decrypted indeed, but that's not what's used to encrypt/sign the handshake messages. What's used to encrypt and sign the handshake messages (including those containing the session keys) are the asymmetric keys in the certificates. —Preceding unsigned comment added by BrunoHarbulot (talk • contribs) 17:23, 1 November 2010 (UTC)