It’s widely known that TLS is an encryption protocol created to tighten the security of Internet communications. So you may be wondering, “What is a TLS handshake?” In simple terms, a TLS handshake jump-starts a communication session.
The two sides of the communication send and receive messages to acknowledge each other's existence, establish the encryption algorithms they will use, and agree on session keys. This is one of the key factors in how HTTPS operates.
TLS or SSL?
SSL stands for Secure Sockets Layer. It was the first encryption protocol developed for HTTP. It was later replaced by TLS, which stands for Transport Layer Security. Basically, SSL and TLS are the same thing under slightly different names, and the name “Secure Sockets Layer” is still in common use.
When Does a TLS Handshake Occur?
TLS handshakes occur when a user navigates to a website via HTTPS. The browser creates a query to find the location of the website's server. This process also takes place for all other types of web communication, including API calls and DNS queries.
What Happens During a TLS Handshake?
In order to establish a secure connection, the Handshake Protocol automatically completes the following tasks:
- Cipher Suite Negotiation;
- Server Authentication;
- User Authentication (Optional);
- Information Exchange.
Cipher Suite Negotiation
Once the user and the server are in contact, a cipher suite is chosen, and it is kept for the whole duration of the session.
In TLS, a server shows its identity to all website visitors. Public key infrastructure and the use of public/private key pairs are the basis of this authentication. It is the same process as cipher suite determination and authentication.
The user and the website’s server communicate by exchanging random numbers, as well as a unique number known as the Pre-Master Secret. This information is combined with additional data, which enables both sides to establish a shared secret called the Master Secret. The Master Secret is used by both the user and the server to create a MAC secret, known as a session key, used for hashing. The sole purpose of this process is successful encryption.
What Are the Steps of a TLS Handshake?
To complete a successful TLS handshake, the user and the server share the information needed to make secure communication possible. This takes the form of datagrams or messages sent from the user to the server and vice versa. Several steps are necessary to complete a successful TLS handshake.
The precise TLS handshake steps may vary, depending on the algorithm and cipher suites used to communicate securely. Read on to understand these steps.
- The user sends a “hello” message to the server, along with a random number and the list of supported cipher suites.
- The server responds by sending a “hello” back to the user, along with the server's random value.
- Authentication. The user verifies the SSL certificate of the host server, including the issuing authority. This is done to verify that the server is legitimate and that the user is interacting with the actual website.
- The premaster secret comes next. The user sends one more string of bytes to the server. This "secret" is usually encrypted with the public key and, luckily for us, can be decrypted only by the server with its private key. (The user gets the public key from the server's SSL certificate.)
- Now it's time to use the private key. In this step, the server simply decrypts the premaster secret.
- By this step, the server has received the Pre-Master Secret. Along with the user, it creates the Master Secret and the session keys, which are based on the Pre-Master Secret. It's important to note that the user and the server must arrive at the same result.
- The user asks the server to change its cipher spec by sending a "Change cipher spec" message. This indicates that the user wishes to begin using the new set of session keys for hashing and encrypting messages. The user then delivers the "Client finished" message to the server.
- The server receives the "Change cipher spec" notification. It acts on it by switching its security state to symmetric encryption using the session keys. It then sends "Server finished" to the user.
- The user and the server can now communicate securely, exchanging application data over a secure channel. It’s important to note that every communication is encrypted with a session key.
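The premaster-to-master-secret and session-key steps above, worked through as an added example that is not part of the original article. It assumes the TLS 1.2 PRF with SHA-256 from RFC 5246, key sizes for an AES-128-CBC with HMAC-SHA256 cipher suite, and that the premaster secret has already reached the server encrypted under its public key; the function names and sample values are constructed for illustration.

```python
import hashlib
import hmac

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5: stretch secret + seed to `length` bytes."""
    out, a = b"", seed                                        # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()      # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    return p_sha256(secret, label + seed, length)

def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # The master secret is always 48 bytes and binds both hello randoms.
    return prf(pre_master, b"master secret", client_random + server_random, 48)

def session_keys(master: bytes, client_random: bytes, server_random: bytes,
                 mac_len: int = 32, key_len: int = 16) -> dict:
    # The seed order flips to server_random + client_random for key expansion.
    block = prf(master, b"key expansion", server_random + client_random,
                2 * mac_len + 2 * key_len)
    layout = [("client_write_MAC_key", mac_len), ("server_write_MAC_key", mac_len),
              ("client_write_key", key_len), ("server_write_key", key_len)]
    keys, pos = {}, 0
    for name, n in layout:
        keys[name] = block[pos:pos + n]
        pos += n
    return keys

def derive(pre_master: bytes, client_random: bytes, server_random: bytes):
    """What each side runs on its own once it holds the premaster secret."""
    ms = master_secret(pre_master, client_random, server_random)
    return ms, session_keys(ms, client_random, server_random)

# Constructed sample values, not taken from a real capture.
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
PRE_MASTER = b"\x03\x03" + bytes(range(100, 146))  # protocol version 3.3 + 46 bytes

if __name__ == "__main__":
    ms, keys = derive(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    print("master_secret         ", ms.hex())
    for name, key in keys.items():
        print(f"{name:22}", key.hex())
    # Same premaster secret, different server random: the session gets new keys.
    print("new server random changes master secret:",
          derive(PRE_MASTER, CLIENT_RANDOM, bytes(32))[0] != ms)
```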
Wrapping Things Up
The SSL/TLS handshake usually happens behind the scenes, but it is still very important to a secure internet. We don’t usually give this process much attention unless something goes wrong, and when it does, it can cause some uncomfortable moments.