For using SSL, does the client side need to have a digital certificate (X.509v3)? If so, then why can I access secure Web sites from my computer that seemingly does not have a certificate? If it is not needed, then how does the client send its public key across to the secure server?
No, you do not need a certificate to use SSL. If you have one, it can be used to authenticate you to the server, but if you don't, then some other mechanism (like a password) can be used.
When you set up an SSL connection, usually, a Diffie-Hellman key exchange is done, but each side can actually negotiate how it is done.
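The handshake flow described in the answer, as an added example that is not part of the original page: a simplified simulation in which the session key comes from ephemeral Diffie-Hellman values, so the client needs no certificate of its own. The toy group, the SHA-256 key derivation, the function names and the certificate label are assumptions for illustration; verification of the server's certificate is omitted.

```python
import hashlib
import secrets

# Toy group for illustration only (assumption): 2**127 - 1 is prime but far
# too small for real use; real deployments use standardized large groups.
P = 2**127 - 1
G = 3


def dh_keypair():
    """Fresh (ephemeral) Diffie-Hellman key pair, generated per connection."""
    priv = secrets.randbelow(P - 3) + 2  # private exponent in 2 .. P-2
    return priv, pow(G, priv, P)


def derive_key(shared, client_random, server_random):
    """Simplified stand-in for the protocol's key derivation (not the real PRF)."""
    data = shared.to_bytes(16, "big") + client_random + server_random
    return hashlib.sha256(data).digest()


def handshake(client_cert=None, server_requests_cert=False):
    """Simulate the message flow; returns (client_key, server_key, client_id, log)."""
    log = ["C->S ClientHello", "S->C ServerHello, Certificate, ServerKeyExchange"]
    c_rand, s_rand = secrets.token_bytes(32), secrets.token_bytes(32)
    s_priv, s_pub = dh_keypair()          # server's DH value, sent to the client
    if server_requests_cert:
        log.append("S->C CertificateRequest")
    client_id = None
    if server_requests_cert:
        # A client with no certificate replies with an empty Certificate message;
        # the server then decides whether to continue (here it does).
        log.append("C->S Certificate" if client_cert else "C->S Certificate (empty)")
        client_id = client_cert           # opaque label, not validated in this sketch
    c_priv, c_pub = dh_keypair()          # client's DH value, created on the spot
    log.append("C->S ClientKeyExchange")
    # Each side combines its own private value with the peer's public value.
    client_key = derive_key(pow(s_pub, c_priv, P), c_rand, s_rand)
    server_key = derive_key(pow(c_pub, s_priv, P), c_rand, s_rand)
    return client_key, server_key, client_id, log
```

With no client certificate the two sides still agree on a key, and the server simply has no cryptographic identity for the client, which is why a password or similar is then used over the encrypted channel.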
This was first published in September 2002