TLS Handshake

TLS (Transport Layer Security) is the standard protocol for securing communication over the a network, commonly the internet. It was built on the now deprecated SSL (Secure Sockets Layer). Protocols like HTTP, FTP, LLP, SMTP use it to encrypt communication.

TLS is a lot like a conversation to build a secure relationship before sharing information. It's called the TLS Handshake. The exact workflow changes depending on the version used, but the following is a general overview:

The client initiates the handshake by sending a "hello" message to the server. The message will include information like TLS version (ex. v1.2 or 1.3), cipher suites (algorithms used to encrypt the data), and other preferences to the client.

The Server will reply with a message selecting the cipher suite and providing a digital certificate used for authentication - this contains the Server’s domain, Certificate Authority, and the public key to be used for asymmetric encryption.

Certificate Authority is a trusted third-party entity responsible for validating the authenticity of digital certificates.

The client verifies the Server's certificate with the Certificate Authority that issued it. This confirms that the server is who it says it is, and that the client is interacting with the actual owner of the domain.

For security reasons, certificates expire and need to be renewed typically every 90 days.

The Client generates a secret key and encrypts it using the Server’s public key for the certificate. The encryption method used depends on the cipher suite agreed on.

The Server decrypts the secret key using its private key and verifies it matches the secret key generated by the client before. If valid, the Server sends “finished” encrypted with a session key to the Client.

 

Related pages