Java – how does SSL protect data from sniffing?

I have a small website. Its security is very important to me I have no money to buy SSL certificate, so I want to make one myself (in theory, I use Java, although I still don't know how to decrypt it on the server) Users won't trust it as they trust SSL, but it will provide the security I'm looking for

I read some articles about SSL. I think I got the math behind it, but I don't understand how it prevents sniffing If SSL encrypts the password / information / anything on the client computer instead of sending it to the server for decryption, what's the problem with the sniffer sniffing the encoded password and sending it to the server?

Solution

You can't help it You've wasted more time than certificates will cost you

Not just Java JRE

If the user does not trust it, it will not

It's much more complicated than that The client verifies the identity of the server through PKI and server certificate The client and server then negotiate a symmetric session key using the math you reference The key itself will never be transmitted The data is encrypted with this key and sent with the message authentication code to show whether the message is complete Data is private due to encryption; And because of the way of key negotiation, SSL also provides the invulnerability of replay attack