Is data is encrypted (128 bit encryption) in SSL layer?

开发者_运维百科I configured SSL mechanism in tomcat 6 by generated certificate using java keytool with RSA algorithm and I’m able access the urls using the HTTPS.

Now I have few doubts

1. While communicating client with server (browser to server or server to browser), is Data also encrypted using 128 bit encryption?
2. If stand alone application is communicating with server do I get encrypted data only?

Please clarify my doubts. Thanks in advance

1. Yes, once the SSL connection has been negotiated (which is the first thing that happens), all data (client and server) is encrypted.

2. Any application communicating over an SSL-secured channel will have all its data encrypted and (because of certificate signing) it will be relatively confident that it's speaking with the actor it thinks it should be speaking with (ie, it will have protection against MITM attacks).

If you're connecting with an SSL-enabled client (whether that's a browser, libcurl, or something else) to whatever port you have configured for SSL, your entire communication path will be encrypted. If you try to connect with a non-SSL-enabled client to an HTTPS listener, you'll get a Bad Request error message like this:

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

If you're really concerned, try using something like Wireshark to view the communication between client and server.