Understanding the TLS Handshake: The Process Behind Securing That Trusted Lock 🔒

In this post, we’ll walk through what happens between your browser and the website you’re visiting before the padlock icon appears. That padlock is the browser’s shorthand for a successfully completed TLS handshake: the server proved its identity with a certificate the browser trusts, and the two sides agreed on keys that encrypt and authenticate everything that follows.

To aid our journey through this technical terrain, it’s beneficial to reference an infographic that summarizes the exchange of messages between the Client (your web browser) and the Server (the website you are visiting) during a TLS session. Feel free to open the infographic in a separate tab for easier following.

Image source is from a Twitter thread; the link is at the end of this article.


The Objective of SSL/TLS

Before we delve into the details of the handshake, let’s clarify the primary objectives of SSL/TLS:

  1. Identity Verification: Ensures the server is genuinely who it claims to be (and, when client certificates are used, that the client is too).
  2. Secure Session Keys: Establishes fresh session keys that protect the confidentiality and integrity of the data exchanged afterwards.

Important Concepts to Note

  1. Records vs. Packets: It’s vital to differentiate between “Records” and “Packets.” Each line in our referenced image corresponds to a TLS “Record,” the unit the TLS record layer works with: a 5-byte header (content type, version, length) followed by up to 16 KB of payload. TLS rides on top of TCP, which delivers a byte stream with no regard for record boundaries, so a single Packet may carry several Records, and a single Record may be split across several Packets. Anything that parses TLS (a proxy, an IDS, a capture tool) has to reassemble the stream and cut it into records by their length fields rather than assuming one record per packet.

  2. Cryptography Basics: Familiarity with key cryptographic concepts such as Hashing, MACs/HMACs, and Encryption is beneficial for understanding the handshake. For an in-depth review, check out the linked resource videos, though we won’t dive deeply into these concepts here.

Now, let’s break down the records that comprise the TLS handshake:


1️⃣ Client Hello

The handshake begins with your web browser sending a record known as the Client Hello. This record contains five essential components:

  • SSL Version
  • Random Number
  • Session ID
  • Cipher Suites
  • Extensions

1️⃣.1 – SSL Version

The Client states the highest protocol version it supports (for example TLS 1.2, encoded on the wire as 0x0303); the Server then selects the highest version it also supports, at or below that value, and announces its choice in the Server Hello. SSL 2.0 and SSL 3.0 are deprecated (RFC 6176 and RFC 7568) and should not be offered or accepted. TLS 1.3 changed the mechanics: the version field in the Client Hello is frozen at 0x0303 (TLS 1.2) so that middleboxes keep passing the traffic, and the real list of versions the Client accepts travels in the supported_versions extension, from which the Server picks.

1️⃣.2 – Random Number

The Client sends 32 bytes of fresh random data (the client_random). Together with the Server’s own random value it is mixed into the key derivation, so that two sessions between the same parties end up with different session keys and a recorded handshake cannot be replayed. It must come from a cryptographically secure random number generator; in TLS 1.2 and earlier the first 4 bytes were originally a Unix timestamp, but current practice is to make all 32 bytes random, since the timestamp leaks clock information and helps fingerprint the client.
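The five parts of the Client Hello, and the record-versus-packet distinction from the “Important Concepts” section, in working code. This is an added example, not code from the original post or its infographic: using only the Python standard library it builds a minimal Client Hello record, glues it to a ChangeCipherSpec record and the first bytes of a third record to stand in for one TCP segment (constructed sample bytes), splits that stream back into records, and parses the Client Hello fields out. The function names, the two cipher suites chosen and the hostname example.com are the example’s own assumptions.

```python
import os
import struct

# Code points from RFC 5246 / RFC 8446 and the IANA TLS registries
CONTENT_CHANGE_CIPHER_SPEC, CONTENT_HANDSHAKE = 0x14, 0x16
HANDSHAKE_CLIENT_HELLO = 0x01
TLS12, TLS13 = 0x0303, 0x0304
TLS_AES_128_GCM_SHA256 = 0x1301                 # a TLS 1.3 suite
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F  # a TLS 1.2 suite
EXT_SERVER_NAME, EXT_SUPPORTED_VERSIONS = 0x0000, 0x002B
MAX_RECORD = 2 ** 14 + 2048                     # largest TLSCiphertext fragment TLS 1.2 allows


def u16(buf, pos):
    return struct.unpack("!H", buf[pos:pos + 2])[0]


def build_client_hello(server_name, cipher_suites, session_id=b"", client_random=None):
    """Return one TLS record (5-byte header + handshake message) carrying a ClientHello."""
    if client_random is None:
        client_random = os.urandom(32)  # 32 bytes from the OS CSPRNG, never a clock or counter
    if len(client_random) != 32:
        raise ValueError("client_random must be exactly 32 bytes")
    # server_name extension: a list holding one host_name (type 0) entry
    name = server_name.encode("idna")
    sni_list = struct.pack("!BH", 0, len(name)) + name
    sni_ext = struct.pack("!HHH", EXT_SERVER_NAME, len(sni_list) + 2, len(sni_list)) + sni_list
    # supported_versions extension: where a TLS 1.3 client really lists the versions it accepts
    versions = struct.pack("!HH", TLS13, TLS12)
    sv_ext = struct.pack("!HHB", EXT_SUPPORTED_VERSIONS, len(versions) + 1, len(versions)) + versions
    extensions = sni_ext + sv_ext
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body = (
        struct.pack("!H", TLS12)                 # legacy_version: frozen at 0x0303 since TLS 1.3
        + client_random
        + struct.pack("!B", len(session_id)) + session_id
        + struct.pack("!H", len(suites)) + suites
        + b"\x01\x00"                            # compression_methods: only "null" is used today
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = struct.pack("!B", HANDSHAKE_CLIENT_HELLO) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", CONTENT_HANDSHAKE, TLS12, len(handshake)) + handshake


def split_records(stream):
    """Cut whatever the TCP segments delivered into TLS records.
    Returns (records, leftover): leftover is the head of a record still in flight."""
    records, pos = [], 0
    while len(stream) - pos >= 5:
        ctype, version, length = struct.unpack("!BHH", stream[pos:pos + 5])
        if length > MAX_RECORD:                  # no legal record is this big: corrupt or hostile
            raise ValueError("record length exceeds the TLS maximum")
        if len(stream) - pos - 5 < length:
            break                                # this record continues in the next packet
        records.append((ctype, version, stream[pos + 5:pos + 5 + length]))
        pos += 5 + length
    return records, stream[pos:]


def parse_client_hello(handshake):
    """Parse a ClientHello handshake message into its five parts and decode two extensions."""
    if handshake[0] != HANDSHAKE_CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    length = int.from_bytes(handshake[1:4], "big")
    body = handshake[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated ClientHello")
    version, client_random, pos = u16(body, 0), body[2:34], 34
    session_id = body[pos + 1:pos + 1 + body[pos]]
    pos += 1 + body[pos]
    cs_len = u16(body, pos)
    cipher_suites = [u16(body, i) for i in range(pos + 2, pos + 2 + cs_len, 2)]
    pos += 2 + cs_len
    pos += 1 + body[pos]                         # skip compression_methods
    extensions = {}
    if pos < len(body):                          # the extensions block is optional before TLS 1.3
        end, pos = pos + 2 + u16(body, pos), pos + 2
        while pos < end:
            etype, elen = u16(body, pos), u16(body, pos + 2)
            extensions[etype] = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
    info = {"legacy_version": version, "random": client_random, "session_id": session_id,
            "cipher_suites": cipher_suites, "extensions": extensions}
    if EXT_SUPPORTED_VERSIONS in extensions:     # len(1) followed by 2-byte versions
        data = extensions[EXT_SUPPORTED_VERSIONS]
        info["supported_versions"] = [u16(data, i) for i in range(1, 1 + data[0], 2)]
    if EXT_SERVER_NAME in extensions:            # list_len(2) type(1) name_len(2) name
        data = extensions[EXT_SERVER_NAME]
        info["server_name"] = data[5:5 + u16(data, 3)].decode("idna")
    return info


def demo():
    """Constructed sample segment: the ClientHello record, a ChangeCipherSpec record and the
    first three bytes of a third record whose remainder has not arrived yet."""
    hello = build_client_hello("example.com", [TLS_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256])
    ccs = struct.pack("!BHH", CONTENT_CHANGE_CIPHER_SPEC, TLS12, 1) + b"\x01"
    records, leftover = split_records(hello + ccs + struct.pack("!BH", CONTENT_HANDSHAKE, TLS12))
    return len(records), leftover, parse_client_hello(records[0][2])


if __name__ == "__main__":
    count, leftover, hello = demo()
    print(f"{count} records, {len(leftover)} bytes still in flight, SNI {hello['server_name']}")
```

Running the script shows two complete records coming out of one “packet” and three bytes held back for the next one, which is exactly the reassembly step a capture tool or proxy must perform. The parser reads every field by its length prefix and refuses a record whose declared length exceeds the protocol maximum, the kind of check that keeps a malformed Client Hello from turning into an out-of-bounds read in a less careful implementation.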

1️⃣.3 – Session ID

This field allows for the
