29Oca
(nginx) ssl_certificate_key in Handshake of TLS 1.2 and 1.3
I am confused about the TLS handshake process in TLS 1.2 and TLS 1.3.
When configuring Nginx with SSL enabled, does the ssl_certificate_key play a role in the TLS handshake itself, or is it only used for server identity verification?
I have read that TLS 1.3 uses ephemeral key share for agreement of master secret, where the key is randomly generated for each session. Meanwhile, in TLS 1.2, the pre-shared secret is derived from both the client's and server's public keys. Could you clarify how the ssl_certificate_key is used in each version of TLS?
Thank you!
