Search This Blog

Friday 22 January 2021

TLS Handshake

 A handshake is an automated process of negotiation between two participants. The main purpose of a TLS handshake is to provide privacy and data integrity for communication between a server and a client. During the Handshake, server and client will exchange important information required to establish a secure connection.

One Way TLS Hand Shake


1) The client initiates the handshake by sending a "hello" message to the server. The message will include which TLS version the client supports, the cipher suites supported, and a string of random bytes known as the "client random.

The Client will be sending to following information the Server:

  • ClientHello
  • TLS1.2
  • RandomCookie : { 169, 131, 204, 213, 154, 96 .... }
  • CipherSuite  : TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256

2) In reply to the client hello message, the server sends a message containing the server's TLS certificate, the server's chosen cipher suite, and the "server random," another random string of bytes that's generated by the server. Along with the Server Hello, the server will also send the certificate of the server with the certificate chain. The certificate chain will be validated against the certificates in the client trust store.

Server will send the following information to the client:

  • ServerHello
  • TLS1.2
  • RandomCookie: { 19, 150, 56, 42, 168, 202, 151 ..... }
  • CipherSuite : TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • Certificate

3) The client verifies the server's TLS certificate with the certificate authority that issued it. This confirms that the server is who it says it is, and that the client is interacting with the actual owner of the domain.

4) The client sends one more random string of bytes, the "premaster secret/session key" The premaster secret is encrypted with the public key and can only be decrypted with the private key by the server. (The client gets the public key from the server's TLS certificate.)

5) Server decrypts the "premaster secret/session key" using servers private key. Now the session key is created. Both Client and Server generate session keys from the client random, the server random, premaster secret. They should arrive at the same result. 

6) The client sends a "finished" message that is encrypted with a session key.

7) The server sends a "finished" message encrypted with a session key.

8) The handshake is completed, and communication continues using the session keys.


Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)