The SSL/TLS Handshake – Know the Process
The SSL/TLS Handshake is a Process to Set Up a Secure Connection
What is SSL/TLS Handshake?
In other words, the SSL handshake is nothing more than a conversation between client and server, whose goal is the same – to achieve secure connection using symmetric encryption.
However, keep reading and get answers to common questions such as information on
- The Update of SSL/TLS Handshake,
- How SSL/TLS Handshake Works,
- The difference between the older and newer version of the TLS handshake?
Is TLS Handshake Updated?
Yes, it’s true, TLS Handshake has been updated. But, that’s also true that the entire TLS version has been updated to the latest one standing: TLS 1.3 (RFC 8446), which took a full decade and 28 drafts. Though there’s nothing wrong with TLS 1.2, it’s secure and still being used globally, but that’s also a truth that there’s a potential of being insecure. Although none of the potential insecurities has been exploited by any malicious actors, still there’s a potential.
Here’s How the SSL Handshake Works
TLS 1.2 Handshake:
Step 2: And, once the server receives the message sent by the client “client hello,” the server responds back by sending the message “server hello.” And, this message also includes other supportive information like the CipherSuite chosen by the server from the client’s offered list. And, it also sends its certificate, session ID and a random value.
Step 3: Once the Client receives the certificate sent by the server, it does the verification, and then it sends back a string of random byte, also known as “pre-master secret” while encrypting it with the help of the public key of server’s certificate.
Step 4: And, after the server receives the pre-master secret, the server and the client both generate a master key with session keys, also called ephemeral keys. And these ephemeral keys are further used for symmetrically encrypting the data.
Step 5: A “Change Cipher Spec” message is sent to the server by the client for letting it know that it’ll switch to symmetric encryption through session keys while sending the “Client Finished” message.
Step 6: Now, the server responds to the client’s “Change Cipher Spec” message by doing the same thing, i.e., switching its security towards symmetric encryption. And the server ends the handshake by sending the “server finished” message.
Here you can see that it took two roundtrips among the client and the server for the completion of the handshake. On average, it takes around 0.25 to 0.5 seconds, but it can take more than that depending upon other factors.
TLS 1.3 Handshake:
Step 2: And, in reply to the “Client Hello” message, the server responds with the chosen key agreement protocol while encompassing the server’s key share, certificate, and the “Server Finished” message.
If you compare the TLS 1.3 with the TLS 1.2, you’ll see the definite difference of reduced round-trip, which also saves hundreds of milliseconds. Though you may think it doesn’t make any significant difference, in reality, it does, as the delay of even a half-second can lead to a decline in traffic.
TLS 1.2 vs. TLS 1.3 – Here’s the Difference
Removal of Vulnerable Algorithms & Ciphers in TLS 1.3:
Cipher Suites Made Simpler:
- Support for outdated ciphers and algorithms eliminated.
- RSA key exchange got eliminated, and Perfect Key Forward Secrecy became mandatory.
- Reduces the total number of handshakes.
- AEAD bulk encryption is mandated while eliminating block mode ciphers.
- Key derivation, as well as HKDF cryptographic extraction, is reduced.
- Zero Round Trip Resumption and 1-RTT is offered.
- Support for additional elliptic curves.
- Difference between Free and Paid SSL Certificate
- How to Fix the SSL/TLS Handshake Failed Error?
- Root Certificate vs. Intermediate Certificates
- What is Hashing Algorithm & How Does It Work?
- Difference Between Digital Signature and Digital Certificate
- Guide to SSL Offloading – What Is It? How It Works & Benefits It Offers
- Know what is Digital Signature?