What is TLS, SSL and HTTPS

Posted by

When you visit a website that doesn’t use HTTPS, your browser will show a warning. This is because, without HTTPS, the data exchanged between your browser and the website’s server is not encrypted. This means that sensitive information like passwords or credit card numbers can be intercepted and read by anyone who manages to capture the data.

How TLS Works:

  1. Establishing a Connection:
    • Initially, similar to HTTP, the browser establishes a TCP connection with the server.
  2. TLS Handshake:
    • The process begins with the browser sending a “client hello” message to the server. This message includes information about the TLS versions the browser supports (such as TLS 1.2, TLS 1.3, etc.) and the cipher suites it can use (a cipher suite is a set of encryption algorithms used to encrypt the data).
  3. Server Responds:
    • The server responds with a “server hello” message. This message includes the TLS version and the cipher suite that the server has chosen from the list provided by the browser. The server also sends its digital certificate, which contains the server’s public key and is signed by a trusted certificate authority (CA).
  4. Certificate Verification:
    • The browser verifies the server’s digital certificate. It checks if the certificate is valid, has not expired, and is signed by a trusted CA. This step ensures that the server is authentic and trusted.
  5. Key Exchange:
    • The browser and the server use the server’s public key to securely exchange a pre-master secret. This pre-master secret will be used to generate the session keys. For forward secrecy, modern implementations use Diffie-Hellman key exchange algorithms.
  6. Generating Session Keys:
    • Both the browser and the server independently generate session keys from the pre-master secret. These session keys are symmetric keys used for encrypting and decrypting the data exchanged during the session.
  7. Finishing the Handshake:
    • The browser sends a “finished” message, encrypted with the session key, to the server. The server decrypts the message and, if it is correct, sends its own “finished” message encrypted with the session key.
  8. Secure Communication Established:
    • After the handshake is successfully completed, the browser and the server start using the session keys to encrypt and decrypt the data they exchange. This ensures that all data transmitted between the browser and the server is secure and unreadable to anyone who might intercept it

How SSL Works:

Steps of how SSL (Secure Sockets Layer) works, formatted similarly to the TLS steps:

  1. Establishing a Connection:
    • The browser establishes a TCP connection with the server.
  2. Client Hello:
    • The browser sends a “client hello” message to the server, which includes supported SSL versions and cipher suites.
  3. Server Hello:
    • The server responds with a “server hello” message, indicating the chosen SSL version and cipher suite, and sends its digital certificate.
  4. Certificate Verification:
    • The browser verifies the server’s digital certificate, ensuring it is valid, not expired, and signed by a trusted Certificate Authority (CA).
  5. Key Exchange:
    • The browser and server use the server’s public key to securely exchange a pre-master secret. In SSL, the key exchange typically uses RSA.
  6. Generating Session Keys:
    • Both the browser and the server generate session keys from the pre-master secret. These session keys are used for symmetric encryption during the session.
  7. Finished Messages:
    • The browser sends a “finished” message, encrypted with the session key, to the server. The server decrypts it and, if correct, sends its own “finished” message encrypted with the session key.
  8. Secure Communication:
    • The browser and server now use the session keys to encrypt and decrypt all data exchanged, ensuring secure communication.

[the-post-grid id=”9538″ title=””]

Leave a Reply

Your email address will not be published. Required fields are marked *

Visit Our Store and Buy All document (F5, Zscaler, ASA, Paloalto, Checkpoint,Forescout, Cisco ISE etc) only in  1600RS, click here on store - Store

X
error: Content is protected !!