In computer networks and communication, before any data can be exchanged, the protocol has to be finalised between the 2 parties. It is akin to two strangers talking, unless they decide on a common language, there cannot be any kind of communication. This communication usually takes place between a client machine, one that uses or consumes services, and a server machine, one that serves the services or information.
When a client browser requests to load a website, a request is sent to the server asking if communication can be done in a certain language, in this case, it is TCP. If the server recognises TCP, it agrees to communicate and send page information via the open internet to the requesting machine. This initial communication between the client and the server on deciding the protocol is called a handshake.
In the early days of the internet, data used to be sent and received in an open format via the internet. The request and response had to travel through various machines before it reached the intended recipient. This means there are a lot of middleman machines that could listen in or read in on the information being sent. This necessitated the need for a system where information exchanged between 2 machines on the internet cannot be deciphered by another machine. To deal with this predicament, SSL Handshake was brought in, which changed the protocol of communication to HTTPS., a widely used method of exchanging information over the internet today.
Secure Socket Layer (SSL) is a cryptographic security protocol used to secure communication on the internet. The idea is to encrypt the data that is sent and received in such a way that only those two machines can decipher the information sent using a secret decryption key.
Secure Socket Layer (SSL) was first introduced by Netscape in 1994. The first version of SSL was never released for public use, as it was found to have many security holes. The first official release of SSL v2 was in 1995 and a steady version was released in Nov 1996.
SSL and its successor TLS are used widely in email, instant messaging, and voice-over applications. One major conspicuous usage is as a security layer in HTTPS.
Let’s start at the very beginning of the process, from the time when you use your browser to access a website. When your browser requests a page that is secured by SSL, a secure connection is established between the two using what is called an SSL Handshake. SSL handshake is not apparent to the user, it all happens in the background and takes place instantaneously.
There are a few components involved in an SSL session.
An SSL handshake takes place only when an attempt is made by a client machine to connect to a server over the HTTPS protocol. Such handshakes also take place whenever HTTPS protocol is used by API calls and DNS over HTTP queries.
A precursor to SSL/TLS handshake is the TCP handshake. An SSL/TLS handshake takes place only after a TCP connection has been opened.
SSL handshakes are nothing but a series of datagrams being exchanged and certain protocols agreed on to ensure the rest of the communication is secure. Objectives of the SSL handshake are listed below.
There are multiple steps that take place in a quick time during an SSL/TLS handshake. The exact steps will vary depending on the cipher suites supported and the kind of key exchange algorithm. Here is a series of steps that might represent most of what goes on during an SSL/TLS handshake.
The client initiates by sending a “hello” message to the server. Well not exactly “hello”, but it includes an SSL/TLS version that the client supports, a list of cipher suites, and a string of random bytes called ‘client random’.
In response to the client, the server sends a “hello” back, which includes the SSL certificate, the selected cipher suite (from the list that the client provided), and again a random string of bytes which is called a “server random”.
The client after receiving the response goes on to verify the identity of the server using the SSL certificate. This is verified against the already available list of public keys of major certificate authorities.
After authentication of the certificate and establishing the identity of the server, the client sends a random string of bytes, only this time, it is encrypted with the public key of the server, which came along with the certificate. This sequence of random strings can only be decrypted by the private key of the server. This encrypted random string of bytes is called the “premaster secret”.
The server decrypts this “premaster secret” using the private key it owns.
Both the server and the client generate session keys using the client random, server random, and the premaster secret, using the selected cipher suite, and arrive at the same results.
The client sends a “finished” message duly encrypted with the session key.
The server after receiving the message from the client sends its own “finished” message encrypted with the session key.
This concludes the handshake procedure and the session continues with further messages exchanged with encryption done using the session keys.
Remember this takes place only after the TCP handshake completes.
Here is a figure that explains the same in a pictorial way
It is important to note that SSL has been succeeded by TLS as a preferred method of encryption. SSL is considered obsolete and unsafe, and TLS is used by major browser engines. Having said that, the process does not change much at a high level, it is only when you get into the details that the execution varies.
So, have you made up your mind to make a career in Cyber Security? Visit our Master Certificate in Cyber Security (Red Team) for further help. It is the first program in offensive technologies in India and allows learners to practice in a real-time simulated ecosystem, that will give them an edge in this competitive world.