I've broken it down to the following steps with a diagram at the end that may help you understand it a little better.
- The client starts the HTTPS session by clicking on the link.
- The server responds by sending a certificate. The certificate includes the server's public key that is part of a matched private/public key pair. The private key is always kept private by the server.
- The client creates a random session key (such as 13579BDF2468ACE).
- The client encrypts the session key with the server's public key.
- The client then sends the encrypted session key to the server.
- The server then decrypts the session key with the server's private key.
- Rest of session uses symmetric session key.
Question: What type of encryption does SSL use to privately share the session key?
Answer: Asymmetric
Question: What type of encryption does SSL use to encrypt the session data?
Answer: Symmetric
Trick Question: What type of encryption does SSL use ?
Answer: Asymmetric and symmetric
You can find more details on cryptography in this chapter 9 of this book:
CompTIA Security+: Get Certified Get Ahead: SY0-201 Study Guide
You can also watch a video on YouTube here:
SSL Asymmetric and symmetric encryption
HTH,
Darril Gibson