Introduction to Encryption III - Overview of TLS/SSL Handshake


Transport Layer Security (TLS) protocol is the successor to the Secure Sockets Layer (SSL) protocol which has been prohibited from use by the Internet Engineering Task Force (IETF) due to its vulnerabilities to attacks.

They are both protocol suites that have been implemented to function as an additional layer of security between the transport layer and the application layer.

When a TLS/SSL protocol is implemented, HTTP (Hyper-text Transfer Protocol) becomes HTTPS - S for Secure.

TLS/SSL Handshake

The Handshake protocol of the TLS/SSL protocol suite is implemented to establish a secure communication session between the client and the server. Once the handshake process is finished, secure message exchange is available using a shared symmetric key.

participant Client Client->Server: "client hello" + list of supported cipher suites\n and TLS/SSL versions Server->Client: "server hello" + ciper suite and TLS/SSL version\n chosen + digital certificate Note left of Client: extract public key Note left of Client: generate pre-master key* Client->Server: encrypted pre-master key Note right of Server: decrypt pre-master key Note left of Client: generate shared secret** Note right of Server: generate shared secret Client->Server: test message encrypted with shared secret Note right of Server: message decrypted Server->Client: test message encrypted with shared secret Note left of Client: message decrypted Client->Server: "client finished" Server->Client: "server finished" Client-->Server: start secure message exchange Server-->Client:
* pre-master key: used to generate a formatted shared secret

** shared secret: symmetric session key

Show Comments