Conventional communications over networks such as the Internet are insecure until a secure protocol has been negotiated and is used for the exchange. One way of arranging such a protocol is the conventional Secure Sockets Layer protocol, known as SSL. SSL allows two communicating parties to determine an encryption technique that both support and to agree on the parameters to be used with it. Communications may then be sent securely using the agreed-upon encryption technique.
Under the SSL protocol, a client initiates a request for a secure connection and includes a list of cipher suites describing the cryptographic capabilities it supports. The server receives that list, starts a process on the server to handle the encrypted session, selects an encryption technique from those the client offered, and generates a session identifier that labels subsequent communications using the selected technique and the session key computed as described below. The server returns the selected technique, the session identifier and other information, including an optional certificate that the client can use to authenticate the server and whose public key the client uses to encrypt its response. The server may also optionally request a certificate from the client.
The client then optionally validates the server certificate, generates a premaster secret, encrypts it with the server's public key and sends it to the server. The server decrypts the premaster secret with its private key. Client and server both derive a session key from the premaster secret (together with the random values exchanged in the hello messages), and that key is used to encrypt subsequent communications between them. Each side signals the other once it has generated the session key, and one or more communications may then be made using the session identifier, the selected encryption technique and the session key.
However, there is a problem with this technique. The server starts the process that handles the session as soon as the client's cipher suite list is received, but that process must then wait for the encrypted premaster secret, which the client can take as long as several minutes to generate and send. During that time the process sits idle, consuming server resources and potentially preventing other clients from communicating with the server.
What is needed is a system and method that can initiate a secure session between a client and server without requiring a process on the server to sit idle between the time the client's cipher suite list is received and the time the client sends the server the encrypted premaster secret.
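The handshake described above, as an added Go example that is not part of the original document: the client offers cipher suites, the server selects one and issues a session identifier, the premaster secret travels under the server's RSA public key, both sides derive the session key from it and the two hello randoms, and each proves possession of the key with a Finished MAC before data is exchanged. The server's `pending` map holds the per-client handshake state between its hello and the client's key exchange, which is the idle resource the problem statement complains about. The suite names, message structs, the RSA public key standing in for a certificate, and the HMAC-SHA256 stand-in for the SSL PRF are simplifications assumed for this example; the real SSL/TLS derivation and record formats differ.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

type ClientHello struct {
	Random [32]byte
	Suites []string // offered cipher suites, most preferred first (names assumed)
}
type ServerHello struct {
	Random    [32]byte
	SessionID [16]byte
	Suite     string
	PublicKey *rsa.PublicKey // stands in for the server certificate
}
type ClientKeyExchange struct {
	SessionID          [16]byte
	EncryptedPremaster []byte // 48-byte premaster secret under RSA PKCS#1 v1.5
	Finished           []byte // HMAC proving the client derived the session key
}

// pending is what the server keeps per client between ServerHello and ClientKeyExchange.
type pending struct{ clientRandom, serverRandom [32]byte }

type Server struct {
	key      *rsa.PrivateKey
	supports map[string]bool
	pending  map[[16]byte]*pending // handshakes waiting for the client's key exchange
	sessions map[[16]byte][]byte   // session ID -> agreed session key
}

func NewServer() (*Server, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Server{key: key, supports: map[string]bool{"RSA_AES128_GCM": true},
		pending: map[[16]byte]*pending{}, sessions: map[[16]byte][]byte{}}, nil
}

// Hello picks the first offered suite the server supports and parks the handshake
// state under a fresh session ID until the key exchange arrives.
func (s *Server) Hello(ch ClientHello) (ServerHello, error) {
	var sh ServerHello
	for _, c := range ch.Suites {
		if s.supports[c] {
			sh.Suite = c
			break
		}
	}
	if sh.Suite == "" {
		return sh, errors.New("no common cipher suite")
	}
	rand.Read(sh.Random[:])
	rand.Read(sh.SessionID[:])
	sh.PublicKey = &s.key.PublicKey
	s.pending[sh.SessionID] = &pending{ch.Random, sh.Random}
	return sh, nil
}

// KeyExchange recovers the premaster secret, derives the session key, verifies the
// client's Finished and returns the server's. DecryptPKCS1v15SessionKey leaves the
// random placeholder in premaster on bad padding instead of erroring, so a forged
// ciphertext fails only at the Finished check, exactly like an honest mismatch.
func (s *Server) KeyExchange(cke ClientKeyExchange) ([]byte, error) {
	p, ok := s.pending[cke.SessionID]
	if !ok {
		return nil, errors.New("unknown session")
	}
	delete(s.pending, cke.SessionID) // handshake state is released here
	premaster := make([]byte, 48)
	rand.Read(premaster)
	if err := rsa.DecryptPKCS1v15SessionKey(rand.Reader, s.key, cke.EncryptedPremaster, premaster); err != nil {
		return nil, err
	}
	key := deriveSessionKey(premaster, p.clientRandom, p.serverRandom)
	if !hmac.Equal(cke.Finished, prf(key, "client finished", nil)) {
		return nil, errors.New("client Finished MAC mismatch")
	}
	s.sessions[cke.SessionID] = key
	return prf(key, "server finished", nil), nil
}

func (s *Server) SessionKey(id [16]byte) ([]byte, bool) { k, ok := s.sessions[id]; return k, ok }
func (s *Server) PendingCount() int                      { return len(s.pending) }

// prf is a simplified stand-in for the SSL/TLS PRF: HMAC-SHA256 over label||seed.
func prf(secret []byte, label string, seed []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write(append([]byte(label), seed...))
	return m.Sum(nil)
}

// deriveSessionKey runs a master-secret step then a key-expansion step, so both
// hello randoms bind the 16-byte session key to this particular handshake.
func deriveSessionKey(premaster []byte, cr, sr [32]byte) []byte {
	master := prf(premaster, "master secret", append(cr[:], sr[:]...))
	return prf(master, "key expansion", append(sr[:], cr[:]...))[:16]
}

// ClientHandshake runs the client side against srv and returns the agreed session
// ID and key once the server's Finished verifies.
func ClientHandshake(srv *Server, suites []string) ([16]byte, []byte, error) {
	ch := ClientHello{Suites: suites}
	rand.Read(ch.Random[:])
	sh, err := srv.Hello(ch)
	if err != nil {
		return sh.SessionID, nil, err
	}
	premaster := make([]byte, 48) // SSL layout: 2-byte version then 46 random bytes
	rand.Read(premaster)
	premaster[0], premaster[1] = 0x03, 0x00
	enc, err := rsa.EncryptPKCS1v15(rand.Reader, sh.PublicKey, premaster)
	if err != nil {
		return sh.SessionID, nil, err
	}
	key := deriveSessionKey(premaster, ch.Random, sh.Random)
	serverFin, err := srv.KeyExchange(ClientKeyExchange{sh.SessionID, enc, prf(key, "client finished", nil)})
	if err != nil {
		return sh.SessionID, nil, err
	}
	if !hmac.Equal(serverFin, prf(key, "server finished", nil)) {
		return sh.SessionID, nil, errors.New("server Finished MAC mismatch")
	}
	return sh.SessionID, key, nil
}
```

Two details matter for a practitioner reading this against the text. First, the entry in `pending` exists from `Hello` until `KeyExchange`, which is precisely the interval during which the text says the server-side process sits idle; a server that cannot release or offload that state is the one the problem statement describes. Second, the server decrypts with `DecryptPKCS1v15SessionKey` rather than a plain decrypt that reports padding errors: the original SSL design let a client learn from the server's response whether a chosen ciphertext had valid PKCS#1 v1.5 padding, which Bleichenbacher turned into a premaster-secret recovery attack, so the server must react identically to bad padding and to a bad Finished.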