Understanding the TLS Handshake: A Deep Dive into Web Security 🔒

As you browse the internet, the little padlock icon that appears next to a website’s URL signifies a crucial layer of security: the TLS handshake. In this blog post, we will explore the meticulous process that ensures your interactions with websites remain confidential and trustworthy.

To enhance your understanding, I recommend having an infographic handy that illustrates the messages exchanged between your web browser (the Client) and the website (the Server) during the TLS session initiation. You can find the infographic here.

Setting the Stage

First, it’s essential to understand that the primary objectives of SSL/TLS are twofold:

• Verify the Server’s Identity: Ensuring the Server is legitimately who it claims to be.
• Establish Session Keys: Protecting the data exchanged during your session.

Before delving into the TLS Handshake, there are two key concepts to clarify:

Records vs. Packets

In the context of the TLS handshake, each message shown in the infographic is referred to as a “Record.” It’s important to note that this differs from the notion of a Packet. A single Packet may contain several Records or require multiple Packets to convey just one Record.

Cryptographic Fundamentals

A grasp of basic cryptographic concepts will enhance your understanding of the TLS handshake. Familiarity with terms such as Hashing, MACs and HMACs, and Encryption is advantageous. Don’t worry; we will focus primarily on the handshake itself to keep the discussion streamlined.

With that foundation laid, let’s dissect the intricacies of the TLS Handshake.

1️⃣ The Client Hello

The TLS handshake begins with a message called Client Hello sent from your web browser. Within this stage, five essential fields are included:

• SSL Version
• Random Number
• Session ID
• Cipher Suites
• Extensions

Each of these elements plays a critical role in facilitating a successful handshake.

1️⃣.1 – SSL Version

The Client communicates the highest SSL version it supports (