If you have ever opened an HTTPS URL in a browser, you have experienced the SSL handshake. Even though you might not notice it, the browser and the website create an HTTPS connection using a one-way SSL handshake.
The main purpose of an SSL handshake is to provide privacy and data integrity for communication between a server and a client. During the handshake, the server and client exchange the information required to establish a secure connection.
There are two types of SSL handshake: one-way SSL and two-way SSL (mutual SSL). The difference between them is that in one-way SSL only the server authenticates to the client, whereas in two-way SSL both server and client authenticate to each other. Usually, when we browse an HTTPS website, one-way SSL is used and only our browser (the client) validates the identity of the website (the server). Two-way SSL is mostly used in server-to-server communication, where both parties need to validate each other's identity.
After the TCP connection is established, the client starts the handshake by sending information such as its SSL version, cipher suites, and compression methods.
The server then checks for the highest SSL version that is supported by both of them.
The server also chooses the compression method and the cipher suite from the options the client offered.
After this exchange, the server sends its certificate (containing its public key) to the client.
The client validates the certificate, creates a pre-master secret for the session, and encrypts it with the server's public key.
The server receives the encrypted pre-master secret and decrypts it with its private key.
Both parties agree on a single cipher suite and generate the session keys (symmetric keys) to encrypt and decrypt the information during an SSL session.
Finally, the client and server exchange encrypted messages to confirm that future messages will be encrypted.
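The first steps above (the client's offer and the server's choice of version, cipher suite and compression method) can be seen on the wire. The following is an added example, not code from the original post: it parses a constructed TLS 1.2 ClientHello and applies the server-side selection. The function names, the sample bytes, the server-preference ordering and the null-compression-only policy are assumptions made for illustration.

```python
import struct

def sample_client_hello() -> bytes:
    """Constructed TLS 1.2 ClientHello (no extensions), for illustration only."""
    suites = struct.pack("!3H", 0xC02F, 0x009C, 0x002F)
    body = (b"\x03\x03" + bytes(32) + b"\x00"          # version 3.3, random, empty session id
            + struct.pack("!H", len(suites)) + suites   # cipher suites offered
            + b"\x01\x00")                              # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def parse_client_hello(record: bytes) -> dict:
    """Extract the version, cipher suites and compression methods the client offers."""
    pos = 0
    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(record):
            raise ValueError("truncated ClientHello")
        pos += n
        return record[pos - n:pos]
    content_type, _record_version, _record_len = struct.unpack("!BHH", take(5))
    handshake_type = take(4)[0]                 # type byte, then 3-byte length
    if content_type != 22 or handshake_type != 1:
        raise ValueError("not a ClientHello")
    version = tuple(take(2))
    take(32)                                    # client random
    take(take(1)[0])                            # session id
    raw = take(int.from_bytes(take(2), "big"))
    if len(raw) % 2:
        raise ValueError("odd cipher suite list length")
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]
    return {"version": version, "cipher_suites": suites,
            "compression": list(take(take(1)[0]))}

def server_select(hello: dict, server_max: tuple, server_suites: list) -> tuple:
    """Pick (version, cipher suite, compression) the way a server answers the offer."""
    # Assumes each side supports every version up to its maximum.
    version = min(hello["version"], server_max)
    # Assumed policy: first suite in the server's preference list that the client offered.
    suite = next((s for s in server_suites if s in hello["cipher_suites"]), None)
    if suite is None:
        raise ValueError("no shared cipher suite")
    if 0 not in hello["compression"]:
        raise ValueError("client did not offer null compression")
    return version, suite, 0                    # null only: TLS compression enabled CRIME

if __name__ == "__main__":
    hello = parse_client_hello(sample_client_hello())
    print(hello, server_select(hello, (3, 3), [0x009C, 0x002F]))
```

The suite codes in the sample are 0xC02F (TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), 0x009C (TLS_RSA_WITH_AES_128_GCM_SHA256) and 0x002F (TLS_RSA_WITH_AES_128_CBC_SHA); the last two use the RSA key exchange described in the steps above.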
https://www.ssl2buy.com/wiki/how-does-an-ssl-certificate-work
https://medium.com/@kasunpdh/ssl-handshake-explained-4dabb87cdce