Info Sharing Blog

Thursday, March 22, 2018

SSL Handshake Explained

March 22, 2018 Posted by jaacostan
Setting up a secure SSL/TLS connection is known as the SSL handshake process. It is performed for every website whose address starts with https://.
The SSL handshake process can be explained in 6 different steps.

1. Client Web Request - Client Hello
2. Server Responds - Server Hello
3. Client validates the Certificate
4. Client generates and encrypts the session key
5. Server decrypts the session key
6. Encrypted data exchange takes place

1. Client Web Request - Client Hello

This is the start of the SSL/TLS communication. The client sends a "Hello" message to the server.
Basically, this Hello means: "Hello, I want to set up a secure connection with you, but before that let me introduce myself. I support this version of SSL/TLS, these are the cipher suites I support, and these are the data compression methods I support."

2. Server Responds - Server Hello.
The server then responds to the client with a Server Hello. The server is telling the client: "Hello, I can also understand different cipher suites, but I will select one cipher suite that we both can understand. I am also selecting a common data compression method.
Additionally, I am sharing my certificate/public key with you."

3. Client validates the Certificate
The Client validates the certificate with its CA and proceeds to the next step.

4. Client generates and encrypts the session key

Using the data learned so far, the client generates a secret key known as a "session key" and encrypts it with the server's public key.
The encrypted message (key) is then sent to the server. Only the server can decrypt the message to get the session key.

5. Server decrypts the session key
The server uses its private key to decrypt the message and get the session key.
The server also informs the client that, for all future communication in this particular session, they will use this session key, and the SSL handshake is completed.

6. Encrypted data exchange takes place.
The SSL handshake is now complete and the session begins.
The client and the server will now use the session key to encrypt and decrypt the data they send to each other and to validate its integrity.
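
Steps 1 and 2 as they look on the wire, in an added example that is not code from the original post: a parser that pulls the version, cipher suites and compression methods out of a ClientHello and a ServerHello, then checks that the server chose something the client actually offered. The sample byte strings are constructed, and the function names are assumptions made for illustration.

```python
# Names for the values in the constructed samples below (not a full registry).
VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
SUITES = {0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
          0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
          0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256"}
COMPRESSION = {0: "null", 1: "DEFLATE"}

def _take(buf, pos, n):
    """Return n bytes at pos plus the new position; never read past the end."""
    if pos + n > len(buf):
        raise ValueError("truncated hello message")
    return buf[pos:pos + n], pos + n

def parse_hello(record):
    """Parse a TLS record carrying a ClientHello (type 1) or ServerHello (type 2)."""
    hdr, _ = _take(record, 0, 9)  # 5-byte record header + 4-byte handshake header
    mtype = hdr[5]
    if hdr[0] != 22 or mtype not in (1, 2):
        raise ValueError("not a ClientHello/ServerHello record")
    msg, _ = _take(record, 9, int.from_bytes(hdr[6:9], "big"))
    sid_len, pos = _take(msg, 34, 1)  # skip 2-byte version and 32-byte random
    _sid, pos = _take(msg, pos, sid_len[0])
    if mtype == 1:  # client: lists of everything it supports
        n, pos = _take(msg, pos, 2)
        raw, pos = _take(msg, pos, int.from_bytes(n, "big"))
        n, pos = _take(msg, pos, 1)
        comp, pos = _take(msg, pos, n[0])
    else:           # server: the one suite and one compression method it chose
        raw, pos = _take(msg, pos, 2)
        comp, pos = _take(msg, pos, 1)
    if len(raw) % 2:
        raise ValueError("odd cipher suite list length")
    ids = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]
    return {"type": "ClientHello" if mtype == 1 else "ServerHello",
            "version": VERSIONS.get(int.from_bytes(msg[:2], "big"), "unknown"),
            "cipher_suites": [SUITES.get(i, hex(i)) for i in ids],
            "compression": [COMPRESSION.get(c, str(c)) for c in comp]}

def selection_was_offered(client, server):
    """True only if the server picked a suite and compression the client offered."""
    return (server["cipher_suites"][0] in client["cipher_suites"]
            and server["compression"][0] in client["compression"])

# Constructed samples: all-zero random, empty session id, no extensions.
CLIENT_HELLO = (b"\x16\x03\x01\x00\x32\x01\x00\x00\x2e\x03\x03" + bytes(32)
                + b"\x00\x00\x06\x00\x9c\x00\x2f\x00\x35\x02\x01\x00")
SERVER_HELLO = b"\x16\x03\x01\x00\x2a\x02\x00\x00\x26\x03\x03" + bytes(32) + b"\x00\x00\x9c\x00"

print(parse_hello(CLIENT_HELLO), parse_hello(SERVER_HELLO), sep="\n")
```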