Not every developer these days has a clear picture of how the Client/Server HTTPS/TSL encryption works. To be fair I have to sometimes look at my notes to recall this process as it’s confusing and easy to forget.
Especially for these Devs working on the front end and using publicly available 3rd parties middleware, ready to be used for your solution – so, why bother?
But anyway … this is a good piece of information to keep in the mind and if you forget, this handy post can remind you how the entire process workflow works again.
TLS handshake (negotiation) process flow
Example algorithm used now on: ECDH/RSA
- Client – [Sends](Hello: These are my supported cipher suites) -> Server
- [Server chooses the cipher from the supplied cipher suites]
- Server – [Sends](Hello: This is my certificate with Public key) -> Client
- [Client validates the Certificate]
- Server – [Sends](Hello done) -> Client
- [Client generates Pre-Master secret and encrypts it by Server Public key]
- [Client generates (calculate) Symmetric key (Master secret) based on Pre-Master secret and random numbers
- Client – [Sends: Pre-Master Secret exchange](Change Cipher: Pre-Master secret) -> Server
- [Server receives and decrypts Pre-Master secret]
- [Server generates (calculate) Symmetric key (Master secret) based on received Pre-Master secret and random numbers]
- Client – [Sends](Change Cipher Spec) -> Server, which means that from now on, any other message from the Client will be encrypted by the Master secret
- Client – [Sends: Encrypted] -> Server and the Server tries to decrypt the finished message
- Server – [Sends](Change Cipher Spec) -> Client, which means that from now on, any other message from the server will be encrypted by the Master secret
- Server – [Sends: Encrypted] -> Client, Client tries to decrypt the message
-- handshake is completed --
— the communication encryption is changing from asymmetric to symmetric —
Example algorithm used now on: AES
15. Symmetric bulk encryption switched, Client and Server established TLS communication
// Agenda  -> action () -> message
Some other facts to be aware of
- Anything encrypted by the public key can be decrypted by the private key only
- More details about TSL
- What are ECDH, RSA, and AES
- What are asymmetric and symmetric cryptography
Thanks for staying, subscribe to my blog, and leave me a comment below.