One way SSL is one way encryption?

爱一瞬间的悲伤 2021-02-14 16:23

If one way SSL is used (Server Certificate authentication) then data sent from client gets encrypted using Public key of the server certificate. So privacy protection is availab

2 answers
  •  天涯浪人
    2021-02-14 16:51

    One way SSL just means that the server does not validate the identity of the client. It has no effect on any of the other security properties of SSL.

    While the SSL protocol is a bit complex, the basic gist of what happens is this: The client generates a random key, encrypts it so that only the server can decrypt it, and sends it to the server. The server and client now have a shared secret that can be used to encrypt and validate the communications in both directions.

    The server has no idea of the client's identity, but otherwise, the encryption and message validation are two-way.

    Update:

    1) Yes, encryption both ways is symmetric and uses a shared secret generated during session setup.

    2) With a shared secret, message integrity is trivial to assure. You just ensure the message has a particular form. For example, I can prefix every message I send with a sequence number and append a checksum onto it before encryption. You decrypt it with the shared secret and validate the sequence number and checksum. How can an attacker substitute or modify the message without knowing the shared secret and still keep the sequence number and checksum intact?
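
The sequence-number-plus-check idea from the answer above, as an added example that is not part of the original answer. It assumes HMAC-SHA256 as the keyed check in place of the checksum-then-encrypt scheme the answer sketches, leaves encryption itself out, and uses a random key as a stand-in for the shared secret from session setup; `protect`, `Receiver`, `outcome` and `demo` are hypothetical names.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32  # size of an HMAC-SHA256 tag in bytes

def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: 8-byte sequence number + payload + keyed tag over both."""
    body = struct.pack(">Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    """Receiver side: checks the tag first, then the expected sequence number."""
    def __init__(self, key: bytes):
        self.key = key
        self.expected_seq = 0

    def accept(self, record: bytes) -> bytes:
        if len(record) < 8 + TAG_LEN:
            raise ValueError("record too short")
        body, tag = record[:-TAG_LEN], record[-TAG_LEN:]
        good = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):  # constant-time comparison
            raise ValueError("bad tag: record modified or forged")
        (seq,) = struct.unpack(">Q", body[:8])
        if seq != self.expected_seq:
            raise ValueError("unexpected sequence number: replayed or reordered")
        self.expected_seq += 1  # only advances on a fully valid record
        return body[8:]

def outcome(rx: Receiver, record: bytes) -> str:
    try:
        rx.accept(record)
        return "ok"
    except ValueError as exc:
        return str(exc)

def demo() -> dict:
    key = os.urandom(32)  # constructed stand-in for the negotiated shared secret
    rx = Receiver(key)
    first = protect(key, 0, b"transfer 10 to alice")
    results = {"genuine": outcome(rx, first)}
    tampered = bytearray(protect(key, 1, b"transfer 10 to alice"))
    tampered[8] ^= 0x01  # flip one bit in the payload, tag left untouched
    results["tampered"] = outcome(rx, bytes(tampered))
    results["replayed"] = outcome(rx, first)  # valid tag, stale sequence number
    results["forged"] = outcome(rx, protect(os.urandom(32), 1, b"transfer 99 to eve"))
    results["next"] = outcome(rx, protect(key, 1, b"second message"))
    return results
```

The same check works in the server-to-client direction with no client certificate involved, because both ends hold the secret established during session setup.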
