Encryption/decryption using by SSL
Once a session is established, the SSL generates a session key using public-key encryption to exchange information between the client and server. This key is used to encrypt the transaction for both request as well as the response. It would be extremely difficult for the attacker to get into the system since each transaction uses a different session key. Hence, even if the attacker succeeds in cracking the code of a transaction, he cannot use the same key every time for cracking and will have to spend an enormous amount of time as he did for decrypting the first key.