SSL/TLS and Handshaking

What are they?

The Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols help to secure the information that is transmitted using Hypertext Transfer Protocol (HTTP) through encryption. When your connection to a web server is secured using SSL or TLS, you will see the acronym HTTPS appear in your browser bar instead of HTTP, and a padlock symbol is also often presented to indicate that the transmitted information is encrypted and cannot be read by malicious actors even if they intercept the transmitted information.

A Comparison Between TLS & SSL

TLS is the successor to the SSL protocol, which was first developed by Netscape. It performs the same function as SSL, but it is much more updated and improved. However, the term SSL has a longer history and is more well-known, so both terms are often used interchangeably in referring to a secure HTTP connection.

What is SSL TLS and handshaking

How TLS secures connections

Before a website or web application can use TLS, a TLS certificate (more commonly called SSL certificate because of SSL’s longer history) needs to be installed on the web server. The certificate contains information about domain ownership, along with the server's public key, and both are essential for validating the server's identity.

In order to start secure information transmission between the web server and the client (e.g. a web browser) using TLS, both must engage in a “handshake” to introduce themselves and establish a relationship. The TLS handshake establishes the following:

  • The TLS version both will use (e.g. TLS 1.0, 1.2, 1.3 etc)
  • The cipher suites or the specific encryption algorithms used in the handshake
  • The authenticity of the TLS/SSL certificate to confirm the server’s identity
  • The session keys to encrypt information transmission following the handshake

The TLS handshake process

During the TLS handshake process, asymmetric encryption is used. Asymmetric encryption makes use of public-private key-pairs instead of a single key. Public keys, as the name implies, can be distributed publicly, while the private key is held only by the web server. Any client with a public key can decrypt a message encrypted with the server’s private key to verify that the message indeed came from the server. The client obtains the public key from the TLS/SSL certificate after verifying the certificate with the certificate’s issuing authority.

Both sides need to establish the master key to encrypt and decrypt all later data exchanges. To establish the master key, the client sends back a pre-master key encrypted using the public key obtained from the SSL certificate, which only the server can correctly decrypt to obtain because nobody else holds the corresponding private key (asymmetric cryptography). This establishes the server’s identity. Both sides now compute a secret shared session key from the pre-master key.

The client then sends a message to the server encrypted using this secret shared session key. If the server is able to decrypt the message successfully, it sends back a message to the client encrypted with the same secret shared session key. This time, if the client is also able to successfully decrypt the message using the secret shared session key, the TLS handshake process is complete. Both sides will encrypt all future communication after the handshake using the same secret shared session key, which is also known as symmetric encryption.


Symmetric Encryption

Encryption that relies on a single private key to protect information in transit.

Asymmetric Encryption

Encryption that relies on both a private and public key.

SSL (Secure Sockets Layer)

The Secure Sockets Layer (SSL) is a protocol by which servers can establish trust to a client.

TLS (Transport Layer Security)

TLS, or Transport Layer Security (TLS) is a successor to SSL-based encryption.