Is a HTTPS connection secure without a valid SSL certificate?

Question

I use a HTTPS connection without a valid SSL certificate. Is the connection safe? Is the information encrypted?

Answer 1

Actually it is possible to establish an encrypted connection between complete strangers without a certificate, using Diffie-Hellman or similar key exchange algorithms.

Alice and Bob agree on a random number x. Alice calculates x^a, where a is a large prime number known only to Alice, and sends that to Bob. Bob calculates x^b and sends it to Alice. Alice calculates (x^b)^a, and Bob calculates (x^a)^b. Since (x^a)^b = (x^b)^a = x^ab, Alice and Bob now both know the number x^ab and can use it as an encryption key. The beauty of this is that Bob doesn't know a, Alice doesn't know b, and any eavesdroppers don't know either number (because calculating a from x^a, in the case of large numbers, would take years).

As supercat points out, this by itself is still susceptible to a man-in-the-middle attack, and that's why at least one end of the transaction needs to authenticate using a certificate. To be accurate, though, it is not the server that checks this, it's the browser, and most browsers will let the user continue if the certificate is invalid (or possibly even garbage). In that event, the connection will still be considerably more secure than a regular connection. To listen in, you'd need to be able to manipulate IP routing or DNS lookups, and you'd have to set it up before the connection was first made, which is not easy to do.

BTW the keypairs in certificates are not what's used to encrypt actual traffic; they are used to establish a new single-use key for a much faster symmetric cipher (such as DES) which then does the rest of the work.