Introduction
Secure Socket Layer / Transport Layer Security
SSL and the newer TLS are technologies that allow the secure encryption and transmission of data across the internet. Without these technologies any data sent across the internet would be susceptible to interception by third parties.
This data could include:
- Personal information – home address, telephone number
- Sensitive information – medical information, criminal record information
- Financial information – banking logins/passwords & credit card information
TLS & Digital certificates work to ensure that data cannot be read / tampered with if intercepted and that you have protection against man-in-the-middle attacks.
TLS Layers
Transport Layer Security contains two components, or layers, each with a particular purpose.
- Handshake Layer/Protocol
- Record Layer / Protocol
Handshake Protocol
Handshake Protocol
The TLS Handshake is used to establish encryption and trust between the server and client. Below is the handshake used in TLS 1.2, not the newer TLS 1.3 which is a little different.
Step 1 – Client Hello
In the first step the client sends a message to the server listing the various encryption technologies that the client supports.
This includes:
- The version of SLL/TLS that the client supports
- The encryption algorithms that the client supports
- Data compression algorithms
Step 2 – Server Hello
The server responds with:
- The chosen set of encryption algorithms to be used. This is known as the Cypher Suite.
- A session ID to be used for the remainder of the connection
- The server’s digital certificate, which contains the server’s public key
Step 3 – Verify the digital certificate
The client contacts the certificate authority listed on the digital certificate and checks that the certificate is authentic and is still valid, thereby verifying the identity of the server.
Step 4 – Secret key sharing
The client sends a secret key, encrypted with the server’s public key, to be used as a shared key for symmetric encryption for the remainder of the session.
Note: Most web servers actually use Diffie-Hellman Ephemeral Key Exchange for the session encryption as it provides perfect forward secrecy.
Step 5 – Server responds handshake complete
The server responds with a message encrypted using the shared symmetric key, indicating that the handshake is complete and the session then begins.
Record Protocol
Record Protocol
Once a secure session is established the remainder of the session is secured using the cypher suite, symmetric keys and compression agreed during the handshake protocol.