Part 2 - Behind HTTPS
In Part-1 I’ve explained why we use HTTPS to HTTP and evolution of TLS from SSL, Please go through that before reading this…
In this article we’ll see things that make HTTPS standout from HTTP[a insecure one].
Things to be considered:
There are few things we need to consider to have an encrypted communication in TLS.
1.What are ciphers ?
First and fore most thing we should do is , we should agree with what kind of encryption algorithm we are going to use to understand each others messages.
This is crucial beacuse certain versions of TLS uses certain ciphers, so as long as we and the server have one of those in common, we can make the communication possible.
If one party is using ARIA algorithm and the other is using AES, the communication will be impossible.
2.Secret Key:
Then we need to have some kind of secret key to do key exchange.
3. Authentication:
Then we have some kind of authentication.
Here it is demonstrated whether one of the parties is who they claim to be, it’s often the server or the site that is visited.
We Should know whether the person we are communicating with is really who they say they are.
Public key will be playing a role in this step.
4.Robust:
Here it should be robust to attacks like MITM, replay attack , downgrade attacks etc…
These four things happen in the beginning of the TLS handshake which we’ll see in sometime.
Cipher Suite:
Here i managed to view the TLS session that has been established with a site.
And it is giving us some infomation related to encryption.
Above we can see some techinal details which is stream representation of all the things that are going to happen during a TLS handshake.
This stream representation is called the cipher suite.
After further investigation, public key information is found.
TLS Handshake:
A TLS handshake is a negotiation between two parties on a network — such as a browser and web server to establish the details of their connection.
The above is the pictorial representation of TLS Handshake.
The theoritical overview of this can be found here.
Now we can see this negotiation traffic in wireshark to understand it further:
Above is the traffic after loading the wikipedia page and filtering it’s IP in wireshark.
The first 3 traffic negotiation is known as TCP 3 way Handshake.
In the above image, we can see the communction is happening in TLS version 1.3 .
Here we can see, the client is telling the server that it supports these 16 Cipher suites and it is telling the server to choose any one among the 16 Cipher suites.
Here the server has choosen a cipher suite and has sent a response as server hello.
Elaboration of the above cipher suite:
In the above image we can see a traffic mentioning Change Cipher Spec.
Here the server and the client starts to encrypt their message using the above negotiated cipher method , in this case it’s CHACHA20 and transfer data.
While going through the authentication using digital signatures, we’ll see the decrypted TLS traffic.
Digital Signatures:
The next thing that is involved in the handshake is verifying the party i.e server, who they claim to be.
This is where Digital certificate comes into play.
After decrypting the TLS traffic using keys with the method here,the traffic becomes clear for further analysis of the certificates.
Here we can see 2 traffic in one packet.
The 1st traffic is Protocol: Certificate.
And the 2nd traffic is Protocol: Certificate Verify.
Here we can see there are 2 Digital certificates:
The 1st one is Server’s Certificate
The 2nd one is Intermediate Certificate
To know more about PKI click here .
Here we can see the client has sent the server Handshake Protocol: Finished
After that, we can see the client and the server started to communicate in an encrypted medium.
“The End”
In this article, I’ve shown you how the client and the server negotiate in an encrypted medium.
I will recommend you to try it yourself , as it will give an experience.
Finally I thank whoever reading this, for spending your valuable time on my article.
Author: Girithar Ram R
Contact: https://www.linkedin.com/in/girithar-ram-ravindran-a4341017b/s