This post is about the four phases of the SSL (Secure Socket Layer) handshake protocol and how it works internally before application-layer data starts flowing over the transport layer.
In my previous post, SSL protocol overview, you became familiar with the SSL protocol: an overview of SSL, the architecture of SSL and the steps of the SSL record protocol. In this post you will learn the details of the four phases of the handshake protocol. If you have not gone through the SSL protocol overview post, you should read it before this one, because it is the basic building block for understanding the SSL (Secure Socket Layer) protocol.
1. Overview of Four Phases of SSL Handshake
- Phase-1: Establishing Security Capabilities
- Phase-2: Server Authentication and Key Exchange
- Phase-3: Client Authentication and Key Exchange
- Phase-4: Finalizing Handshake Protocol
Visually, all these phases are shown step by step in this picture. In the image, a client is connecting to a remote system/machine using
SSL (Secure Socket Layer).
SSL is typically used on top of the transport layer to protect the HTTP protocol (which gives HTTPS). For a moment, forget about HTTPS and look at how SSL works internally.
Let us describe each phase one by one, in detail, and how it works.
2. Phase-1: Establishing Security Capabilities
The first phase is used to initiate a logical connection and to establish the security capabilities that will be associated with it. It is started by a client_hello message sent by the client to the server, which contains the following parameters:
- version: the highest SSL version understood by the client.
- client random: a 32-bit timestamp followed by 28 bytes generated by a secure random number generator (32 bytes in total). These values serve as nonces and are used during key exchange to prevent replay attacks.
- session ID: a variable-length session identifier. A zero value (empty field) means the client wants to establish a new connection on a new session; a nonzero value means the client wants to update the parameters of an existing session or create a new connection on that session.
- cipher suite: the list of cipher suites supported by the client, in decreasing order of preference. Each cipher suite defines both a key exchange algorithm and a CipherSpec (encryption algorithm, MAC algorithm, key sizes, etc.).
- compression method: the list of compression methods the client supports.
After sending client_hello, the client waits for the server_hello message, which has the same structure but carries the following values:
- version: the lower of the version suggested by the client and the highest version supported by the server.
- server random: generated by the server in the same way as the client random, but independently of it.
- session ID: if the client's session ID was nonzero, the server echoes the same value; otherwise it contains a new value that identifies the new session.
- selected cipher suite: the single cipher suite chosen by the server from the list proposed by the client (the client's list is an offer; the server makes the choice).
- selected compression method: the single compression method chosen by the server from the list proposed by the client, used for the rest of the transfer.
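The Phase-1 exchange in code, as an added example that is not part of the original post: it builds a client_hello body in the SSL 3.0 / TLS wire format (version, random, session ID, cipher suite list, compression list; the handshake header and record layer are omitted), parses it back on the server side, and performs the server's choices described above: the lower version, the first cipher suite in the server's own preference order that the client offered, and either a fresh or an echoed session ID. The cipher suite IDs, the server preference list and the in-memory session cache are assumptions for this example.

```python
"""Phase 1 of the SSL handshake: build, parse and negotiate hello messages.

Added example (not code from the original post). Uses the SSL 3.0 / TLS
client_hello body layout; the server_hello is returned as a dict.
"""
import os
import struct
import time

SSL3_VERSION = (3, 0)
TLS12_VERSION = (3, 3)
NULL_COMPRESSION = 0

# Constructed cipher-suite table (IANA numeric IDs) used by the example only.
CIPHER_SUITES = {
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
}


def make_random():
    """32-byte hello random: 4-byte gmt_unix_time followed by 28 CSPRNG bytes."""
    return struct.pack("!I", int(time.time())) + os.urandom(28)


def build_client_hello(version, random, session_id, cipher_suites, compression_methods):
    body = bytes(version) + random
    body += struct.pack("!B", len(session_id)) + session_id
    body += struct.pack("!H", 2 * len(cipher_suites))
    body += b"".join(struct.pack("!H", cs) for cs in cipher_suites)
    body += struct.pack("!B", len(compression_methods)) + bytes(compression_methods)
    return body


def parse_client_hello(data):
    """Return the client_hello fields as a dict; raise ValueError on malformed input."""
    if len(data) < 2 + 32 + 1 + 2 + 1:
        raise ValueError("truncated client_hello")
    version = (data[0], data[1])
    off = 2
    random = data[off:off + 32]
    off += 32
    sid_len = data[off]
    off += 1
    if sid_len > 32:
        raise ValueError("session id too long")
    session_id = data[off:off + sid_len]
    off += sid_len
    (cs_len,) = struct.unpack("!H", data[off:off + 2])
    off += 2
    if cs_len == 0 or cs_len % 2:
        raise ValueError("bad cipher_suites length")
    suites = [struct.unpack("!H", data[off + i:off + i + 2])[0] for i in range(0, cs_len, 2)]
    off += cs_len
    cm_len = data[off]
    off += 1
    compression = list(data[off:off + cm_len])
    off += cm_len
    if off != len(data):
        raise ValueError("trailing bytes after client_hello")
    return {"version": version, "random": random, "session_id": session_id,
            "cipher_suites": suites, "compression_methods": compression}


def negotiate(client_hello, server_max_version, server_preference, session_cache):
    """Server side of Phase 1: choose version, cipher suite, compression and session ID."""
    version = min(client_hello["version"], server_max_version)
    # The server picks the first suite in ITS preference order that the client offered.
    chosen = next((cs for cs in server_preference if cs in client_hello["cipher_suites"]), None)
    if chosen is None:
        raise ValueError("handshake_failure: no shared cipher suite")
    if NULL_COMPRESSION not in client_hello["compression_methods"]:
        raise ValueError("handshake_failure: no shared compression method")
    sid = client_hello["session_id"]
    if sid and sid in session_cache:
        resumed = True                      # client asked to reuse an existing session
    else:
        sid, resumed = os.urandom(32), False  # new session gets a new identifier
    return {"version": version, "random": make_random(), "session_id": sid,
            "cipher_suite": chosen, "compression_method": NULL_COMPRESSION,
            "resumed": resumed}


def demo():
    """Client offers TLS 1.2 and three suites; server only speaks SSL 3.0 and prefers DHE."""
    hello = build_client_hello(TLS12_VERSION, make_random(), b"",
                               [0x002F, 0x0035, 0x0033], [NULL_COMPRESSION])
    parsed = parse_client_hello(hello)
    server_hello = negotiate(parsed, SSL3_VERSION, [0x0039, 0x0033, 0x0035], {})
    return parsed, server_hello


if __name__ == "__main__":
    parsed, sh = demo()
    print("client offered", [CIPHER_SUITES[c] for c in parsed["cipher_suites"]])
    print("server chose", CIPHER_SUITES[sh["cipher_suite"]], "version", sh["version"])
```

Note that the server's pick is driven by its own preference list: the client offered AES_128 (RSA) first, but the server prefers DHE suites, so the negotiated suite is the DHE suite the client listed last.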
3. Phase-2: Server Authentication and Key Exchange
Phase 2 of the SSL handshake protocol is server authentication and key exchange. In this phase the server sends the following messages to the client:
- certificate: conveys the server's certificate (a chain of X.509 certificates) to the client. It is required for every key exchange method except anonymous Diffie-Hellman.
- server_key_exchange: sent by the server only when the server certificate does not contain enough data to allow the client to exchange a premaster secret, for example with ephemeral or anonymous Diffie-Hellman. It contains the server's key exchange parameters (for DH: the prime, the generator and the server's public value) and, except for anonymous DH, a signature over those parameters together with the client and server randoms, so that an attacker cannot substitute its own parameters.
- certificate_request: the server requests a certificate from the client. It has two parameters: certificate_types, a list of the certificate types the client may offer, and certificate_authorities, a list of the distinguished names of acceptable certificate authorities.
- server_hello_done: sent by the server to indicate the end of the server hello and associated messages. The server is done with its part of the key exchange and the client can proceed with its phase. This message has no parameters; after sending it, the server waits for the client's response.
4. Phase-3: Client Authentication and Key Exchange
On receipt of server_hello_done, the client should verify that the server provided a valid certificate (if required) and check that the server_hello parameters are acceptable. If all is satisfactory, the client sends the following messages to the server:
- certificate: sent only if the server requested a certificate in Phase 2. If no suitable certificate is available, the client sends a no_certificate alert instead.
- client_key_exchange: mandatory. Its content depends on the cipher suite selected in Phase 1: for RSA key exchange the client generates a 48-byte premaster secret and sends it encrypted with the server's public key; for Diffie-Hellman it sends the client's public DH value, so that both sides can compute the same premaster secret.
- certificate_verify: provides explicit verification of the client certificate. It is sent only after a client certificate that has signing capability, and contains a signature, made with the client's private key, over a hash of the handshake messages exchanged so far, proving that the client holds the private key matching the certificate. It must immediately follow client_key_exchange.
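Phases 2 and 3 in code, as an added example that is not from the original post: the server sends a server_key_exchange carrying ephemeral Diffie-Hellman parameters signed together with both hello randoms, the client verifies the signature and range-checks the server's public value before answering with its own public value in client_key_exchange, and both sides arrive at the same premaster secret. A tampered parameter set (the man-in-the-middle case the signature exists to prevent) is rejected. The DH group (a 127-bit Mersenne prime) and the RSA key (two small Mersenne primes, textbook RSA over a truncated SHA-256, no padding) are toy assumptions chosen so the block runs instantly; real deployments use 2048-bit or larger parameters and PKCS#1 signatures.

```python
"""Phases 2-3: signed ephemeral-DH server_key_exchange and client_key_exchange.

Added example (not code from the original post). All key sizes are toy sizes.
"""
import hashlib
import os
import struct

# --- Constructed toy parameters (insecure sizes, for illustration only) -----
DH_P = 2 ** 127 - 1                  # Mersenne prime M127 used as a toy DH modulus
DH_G = 3
RSA_P, RSA_Q = 2 ** 61 - 1, 2 ** 89 - 1   # Mersenne primes: toy ~150-bit RSA key
RSA_N = RSA_P * RSA_Q
RSA_E = 65537
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))


def encode_dh_params(p, g, ys):
    """ServerDHParams: each value 2-byte length-prefixed, big-endian."""
    out = b""
    for v in (p, g, ys):
        b = v.to_bytes((v.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(b)) + b
    return out


def decode_dh_params(params):
    vals, off = [], 0
    for _ in range(3):
        (ln,) = struct.unpack("!H", params[off:off + 2])
        off += 2
        vals.append(int.from_bytes(params[off:off + ln], "big"))
        off += ln
    return tuple(vals)


def signed_hash(client_random, server_random, params):
    """The signature covers both hello randoms, binding the DH params to this handshake.
    Truncated to 128 bits only so it fits under the toy RSA modulus."""
    return int.from_bytes(hashlib.sha256(client_random + server_random + params).digest()[:16], "big")


def rsa_sign(h):
    return pow(h, RSA_D, RSA_N)          # textbook RSA, no padding: toy only


def rsa_verify(h, sig):
    return pow(sig, RSA_E, RSA_N) == h


def server_key_exchange(client_random, server_random):
    """Server: fresh DH secret, public value, and a signature over params + randoms."""
    xs = int.from_bytes(os.urandom(16), "big") % (DH_P - 2) + 1
    ys = pow(DH_G, xs, DH_P)
    params = encode_dh_params(DH_P, DH_G, ys)
    return {"params": params, "signature": rsa_sign(signed_hash(client_random, server_random, params))}, xs


def client_key_exchange(client_random, server_random, ske):
    """Client: verify the signature and the public value, then send its own DH value."""
    if not rsa_verify(signed_hash(client_random, server_random, ske["params"]), ske["signature"]):
        raise ValueError("decrypt_error: server_key_exchange signature invalid")
    p, g, ys = decode_dh_params(ske["params"])
    if not (1 < ys < p - 1):
        raise ValueError("illegal_parameter: server DH public value out of range")
    xc = int.from_bytes(os.urandom(16), "big") % (p - 2) + 1
    premaster = pow(ys, xc, p)
    return {"yc": pow(g, xc, p)}, premaster


def server_premaster(cke, xs):
    """Server: range-check the client's value and compute the shared premaster secret."""
    yc = cke["yc"]
    if not (1 < yc < DH_P - 1):
        raise ValueError("illegal_parameter: client DH public value out of range")
    return pow(yc, xs, DH_P)


def run_handshake(tamper=False):
    """Return True when both sides agree on the premaster secret."""
    client_random, server_random = os.urandom(32), os.urandom(32)
    ske, xs = server_key_exchange(client_random, server_random)
    if tamper:
        # An attacker swaps in its own public value but cannot produce a valid signature.
        p, g, _ = decode_dh_params(ske["params"])
        ske["params"] = encode_dh_params(p, g, pow(g, 12345, p))
    cke, client_pms = client_key_exchange(client_random, server_random, ske)
    return client_pms == server_premaster(cke, xs)


if __name__ == "__main__":
    print("honest handshake agrees on premaster secret:", run_handshake())
```

The range checks on the received public values are the part practitioners most often forget: a value of 0, 1 or p-1 lets a peer force the premaster secret to a known constant regardless of the other side's secret.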
5. Phase-4: Finalizing Handshake Protocol
This phase completes the setting up of a secure connection. The client sends a change_cipher_spec message (technically a separate protocol, not a handshake message) to copy the pending CipherSpec into the current CipherSpec, and then immediately sends a finished message under the newly negotiated algorithms and keys. The finished message carries a keyed hash over the master secret and all the handshake messages exchanged so far, which verifies that key exchange and authentication succeeded and that no handshake message was tampered with. In response, the server sends its own change_cipher_spec and finished messages. At this point the handshake is complete and client and server may begin to exchange application-layer data.
6. Finally, the SSL Handshake
All four phases of the SSL handshake protocol run in sequence, each building on the results of the previous one.
Once a session has been established, the SSL record protocol starts sending data, as explained in the previous post, SSL protocol overview. The SSL protocol distinguishes between a session and a connection: it is the session that enables multiple connections, and a single session can carry several connections.
A session is an association between a client and a server, created by the handshake protocol. It is defined by a set of cryptographic security parameters (session ID, peer certificate, compression method, cipher spec and master secret). These session parameters can be shared across multiple connections, which avoids the time-consuming negotiation of new security parameters for every connection.
A connection is a peer-to-peer relationship that provides a suitable type of service, e.g. a client exchanging application data with a server over one connection. Connections are transient, and every connection is associated with exactly one session.
Some parameters are associated with the session (such as the master secret and the cipher spec) and others with the connection (such as the client and server randoms, the write keys, the MAC secrets and the sequence numbers). I'm skipping the full list of those parameters here.
If you have reached this point, it means you liked this post. Please comment on it; your comments are always welcome and help improve it. Happy Learning 🙂
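Phase 4 and the session/connection distinction above, carried through in code as an added example that is not part of the original post. It implements the SSL 3.0 (RFC 6101) derivations with hashlib: the 48-byte master secret from the premaster secret and both randoms (client random first), the finished hash over the master secret and the handshake transcript with the 0x36/0x5c pads and the "CLNT"/"SRVR" sender labels, and the per-connection key_block (server random first) split into the six write keys. The premaster secret, randoms and transcript bytes are constructed test data, and the AES-128/SHA-1 key sizes are an assumption for the example.

```python
"""Phase 4 and session vs. connection: SSL 3.0 master secret, finished hash, key block.

Added example (not code from the original post). Formulas follow RFC 6101;
inputs are constructed.
"""
import hashlib
import os

# 'A', 'BB', 'CCC', ... salts used by the SSL 3.0 derivations.
SALTS = [bytes([65 + i]) * (i + 1) for i in range(10)]
PAD1_MD5, PAD2_MD5 = b"\x36" * 48, b"\x5c" * 48
PAD1_SHA, PAD2_SHA = b"\x36" * 40, b"\x5c" * 40
SENDER_CLIENT, SENDER_SERVER = b"CLNT", b"SRVR"   # 0x434C4E54 / 0x53525652


def md5(*parts):
    return hashlib.md5(b"".join(parts)).digest()


def sha1(*parts):
    return hashlib.sha1(b"".join(parts)).digest()


def master_secret(premaster, client_random, server_random):
    """48-byte session master secret: client random comes first in the SHA-1 input."""
    return b"".join(md5(premaster, sha1(salt, premaster, client_random, server_random))
                    for salt in SALTS[:3])


def key_block(master, client_random, server_random, nbytes):
    """Per-connection key material: note the server random comes first here."""
    out = b""
    for salt in SALTS:
        out += md5(master, sha1(salt, master, server_random, client_random))
        if len(out) >= nbytes:
            return out[:nbytes]
    raise ValueError("requested more key material than this example's salts provide")


def split_key_block(kb, mac_len, key_len, iv_len):
    names = ["client_write_MAC_secret", "server_write_MAC_secret",
             "client_write_key", "server_write_key",
             "client_write_IV", "server_write_IV"]
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    keys, off = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = kb[off:off + size]
        off += size
    return keys


def finished_hash(master, handshake_messages, sender):
    """SSL 3.0 finished body: MD5 part || SHA-1 part over master secret and transcript.
    The transcript is every handshake message so far, so the server's finished also
    covers the client's finished."""
    inner_md5 = md5(handshake_messages, sender, master, PAD1_MD5)
    inner_sha = sha1(handshake_messages, sender, master, PAD1_SHA)
    return md5(master, PAD2_MD5, inner_md5) + sha1(master, PAD2_SHA, inner_sha)


def new_connection(session, client_random, server_random):
    """A connection derives its own keys from the session master secret and fresh randoms
    (AES-128 / SHA-1 sizes assumed: 20-byte MAC secrets, 16-byte keys and IVs)."""
    kb = key_block(session["master_secret"], client_random, server_random, 2 * (20 + 16 + 16))
    return split_key_block(kb, 20, 16, 16)


def demo():
    premaster = os.urandom(48)                    # constructed: as if from the key exchange
    cr1, sr1 = os.urandom(32), os.urandom(32)
    session = {"id": os.urandom(32), "master_secret": master_secret(premaster, cr1, sr1)}
    transcript = b"client_hello|server_hello|certificate|server_hello_done|client_key_exchange"
    client_fin = finished_hash(session["master_secret"], transcript, SENDER_CLIENT)
    server_fin = finished_hash(session["master_secret"], transcript + client_fin, SENDER_SERVER)
    conn1 = new_connection(session, cr1, sr1)     # first connection of the session
    cr2, sr2 = os.urandom(32), os.urandom(32)     # resumed connection: new randoms, same secret
    conn2 = new_connection(session, cr2, sr2)
    return session, client_fin, server_fin, conn1, conn2


if __name__ == "__main__":
    session, cfin, sfin, c1, c2 = demo()
    print("master secret bytes:", len(session["master_secret"]))
    print("connection keys differ:", c1["client_write_key"] != c2["client_write_key"])
```

The two connections share one master secret but get different write keys, MAC secrets and IVs because the key block mixes in each connection's own randoms; that is exactly why resuming a session is cheap yet does not reuse traffic keys.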