Behind the Scenes: The SSL/TLS Handshake

Pradosh K
5 min read · Aug 16, 2024


In today’s digital age, security is paramount. Every time you browse a website, send an email, or make an online purchase, a complex security process is working silently in the background to protect your data. This process, known as the SSL/TLS handshake, is the foundation of secure communication on the internet.

When you perform an action like clicking a link or submitting a form, your browser needs to establish a secure connection with the server if one doesn’t already exist. The SSL/TLS handshake occurs before any actual data (like your blog post or form submission) is transmitted. It’s a series of back-and-forth communications between your device and the server, happening in milliseconds, to ensure that your data remains private and secure as it travels across the internet.

This is part one of a series of posts on load balancing and security. Part two can be found here: https://medium.com/@pradoshkumar.jena/understanding-ssl-tls-decryption-at-the-load-balancer-a-comprehensive-guide-3799b52cd6d5

Step-by-Step Process

Initiating the Connection

  • You Click a Link or Submit a Form: For example, you click a link to visit "https://www.yourbank.com" or you submit a form to post a blog.
  • Browser Initiates SSL/TLS Handshake: If this is the first time you’re connecting to this server during your session, your browser starts the SSL/TLS handshake to establish a secure connection.

ClientHello Message

  • What Happens: Your browser sends a “ClientHello” message to the server.
  • Contents: This message includes supported SSL/TLS versions, cipher suites, and a random number.
  • Purpose: This is the browser saying, “Hello, I want to start a secure connection. Here are the encryption methods I support.”
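
To make the ClientHello concrete, here is an added example (not code from the original post) that builds a minimal TLS 1.2 ClientHello record with the three fields listed above and parses it back, checking every declared length before reading. The cipher-suite identifiers are real IANA registry values; the 32-byte "random" is a fixed, constructed value so the output is reproducible. Defenders see this message in the clear on the wire, so being able to read it is the basis of passive TLS inspection and client fingerprinting.

```python
import struct

# Cipher-suite identifiers as registered with IANA (real values, not constructed).
CIPHER_SUITE_NAMES = {
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
}


def build_client_hello(client_random: bytes, cipher_suites: list) -> bytes:
    """Serialise a TLS record carrying a minimal TLS 1.2 ClientHello (no extensions)."""
    if len(client_random) != 32:
        raise ValueError("ClientHello.random must be exactly 32 bytes")
    body = b"\x03\x03"                                  # client_version = TLS 1.2
    body += client_random                               # the client's random number
    body += b"\x00"                                     # empty session_id (length 0)
    body += struct.pack("!H", 2 * len(cipher_suites))   # cipher_suites length in bytes
    body += b"".join(struct.pack("!H", cs) for cs in cipher_suites)
    body += b"\x01\x00"                                 # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # HandshakeType client_hello(1)
    # Record header: ContentType handshake(22), legacy record version TLS 1.0, length.
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def _take(buf: bytes, pos: int, n: int) -> bytes:
    """Return buf[pos:pos+n], refusing to read past the end of the buffer."""
    if pos + n > len(buf):
        raise ValueError("truncated ClientHello")
    return buf[pos:pos + n]


def parse_client_hello(record: bytes) -> dict:
    """Parse a ClientHello record, validating each length field before trusting it."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    if struct.unpack("!H", record[3:5])[0] != len(record) - 5:
        raise ValueError("record length does not match payload")
    hs = record[5:]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello handshake message")
    body = hs[4:]
    if int.from_bytes(hs[1:4], "big") != len(body):
        raise ValueError("handshake length does not match payload")
    pos = 0
    version = struct.unpack("!H", _take(body, pos, 2))[0]
    pos += 2
    random = _take(body, pos, 32)
    pos += 32
    sid_len = _take(body, pos, 1)[0]
    pos += 1
    session_id = _take(body, pos, sid_len)
    pos += sid_len
    cs_len = struct.unpack("!H", _take(body, pos, 2))[0]
    pos += 2
    if cs_len % 2:
        raise ValueError("cipher_suites length must be even")
    cs_bytes = _take(body, pos, cs_len)
    pos += cs_len
    suites = [struct.unpack("!H", cs_bytes[i:i + 2])[0] for i in range(0, cs_len, 2)]
    comp_len = _take(body, pos, 1)[0]
    pos += 1
    compression = list(_take(body, pos, comp_len))
    return {
        "client_version": version,
        "random": random,
        "session_id": session_id,
        "cipher_suites": suites,
        "cipher_suite_names": [CIPHER_SUITE_NAMES.get(cs, "unknown(0x%04x)" % cs) for cs in suites],
        "compression_methods": compression,
    }


if __name__ == "__main__":
    # Constructed sample: a fixed "random" so the output is reproducible.
    record = build_client_hello(bytes(range(32)), [0x1301, 0xC02F, 0x009C])
    for field, value in parse_client_hello(record).items():
        print(field, value)
```

A real browser ClientHello also carries extensions (server_name, supported_versions, key_share and others); the parser above stops before the extensions block, which is exactly where a production parser would continue.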

ServerHello Message

  • What Happens: The server responds with a “ServerHello” message.
  • Contents: This message includes the chosen SSL/TLS version, cipher suite, and another random number.
  • Purpose: This is the server saying, “Hello, I accept your request for a secure connection. Here is the encryption method we will use.”

Server Certificate

  • What Happens: The server sends its SSL/TLS certificate to the client.
  • Contents: The certificate contains the server’s public key and is signed by a trusted Certificate Authority (CA).
  • Purpose: The client uses this certificate to authenticate the server’s identity.

Client Key Exchange

  • What Happens: The client generates a pre-master secret, encrypts it with the server’s public key (from the certificate), and sends it to the server.
  • Purpose: This pre-master secret is used to generate session keys for encrypting the session’s communication.

Server Decryption with Private Key

  • What Happens: The server receives the encrypted pre-master secret.
  • Decryption: The server uses its private key to decrypt the pre-master secret.
  • Role of Private Key: The private key, which only the server possesses, decrypts the information encrypted with the corresponding public key. This ensures that only the server can decrypt the pre-master secret sent by the client.

Image (public/private key encryption): https://www.rapidsslonline.com/ssl/wp-content/uploads/2019/07/PublicPrivateKeyEncryption.png

Session Keys Generation

  • Both Parties: Using the decrypted pre-master secret, both the client and server independently generate identical session keys.
  • Purpose: These session keys are used for encrypting and decrypting the data exchanged during the session.
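
The step above is the one the diagrams usually skip: how two parties turn one shared pre-master secret into identical session keys. The following added example (not code from the original post) implements the TLS 1.2 pseudorandom function from RFC 5246 with only the Python standard library and runs it on both "sides": a 48-byte RSA-style pre-master secret plus the ClientHello and ServerHello randoms yield the 48-byte master secret, which is expanded into the write keys and IVs for TLS_RSA_WITH_AES_128_GCM_SHA256. The RSA encryption of the pre-master secret is assumed to have already happened, so both sides are handed the same value directly; the randoms and pre-master secret are constructed sample inputs.

```python
import hashlib
import hmac
import secrets


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 from RFC 5246 section 5: chained HMACs until `length` bytes exist.
    A(0) = seed, A(i) = HMAC(secret, A(i-1)), output = HMAC(secret, A(i) + seed) ..."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def derive_session_keys(pre_master_secret: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Run the two derivation steps of RFC 5246 sections 8.1 and 6.3.

    Note the seed order differs between the two steps: client_random + server_random for
    the master secret, server_random + client_random for the key block."""
    master_secret = tls12_prf(pre_master_secret, b"master secret",
                              client_random + server_random, 48)
    # TLS_RSA_WITH_AES_128_GCM_SHA256: no MAC keys (AEAD), 16-byte keys, 4-byte fixed IVs.
    key_block = tls12_prf(master_secret, b"key expansion",
                          server_random + client_random, 40)
    return {
        "master_secret": master_secret,
        "client_write_key": key_block[0:16],
        "server_write_key": key_block[16:32],
        "client_write_iv": key_block[32:36],
        "server_write_iv": key_block[36:40],
    }


def simulate_handshake_key_agreement():
    """Both parties derive keys from the same inputs and must end up with identical keys.
    The RSA transport of the pre-master secret is assumed here, not implemented."""
    client_random = secrets.token_bytes(32)      # sent in ClientHello
    server_random = secrets.token_bytes(32)      # sent in ServerHello
    # RSA pre-master secret: 2-byte client_version followed by 46 random bytes.
    pre_master_secret = b"\x03\x03" + secrets.token_bytes(46)
    client_side = derive_session_keys(pre_master_secret, client_random, server_random)
    server_side = derive_session_keys(pre_master_secret, client_random, server_random)
    return client_side, server_side


if __name__ == "__main__":
    client_keys, server_keys = simulate_handshake_key_agreement()
    print("keys match:", client_keys == server_keys)
    for name, value in client_keys.items():
        print(name, value.hex())
```

Two properties worth noticing when you run it: the randoms make every session's keys unique even if the pre-master secret were reused, and a single differing byte in either random produces entirely unrelated keys, which is why the handshake transcript must be integrity-protected (the Finished messages do this) so that nobody can tamper with those values in transit.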

Secure Data Transmission

  • Encrypted Communication: With the session keys in place, all subsequent data (e.g., your blog post or form submission) is encrypted by the client, transmitted to the server, and decrypted by the server using the session keys.
  • You Interact: You log in, post a blog, etc., with all data encrypted during transmission.

Image (SSL/TLS handshake overview): https://www.stg.ssl.com/wp-content/uploads/2023/09/SSLTLS-Handshake-600x600.png

Real-World Example: Posting a Blog

To make this process concrete, let's walk through one more real-world example: posting a blog.

You Write a Blog and Click “Post”

  • Your browser prepares to send this data to the server.

Handshake Initiation

  • If no secure connection exists, the browser initiates the SSL/TLS handshake.

ClientHello and ServerHello

  • ClientHello: The browser sends supported encryption methods.
  • ServerHello: The server selects an encryption method.

Server Certificate and Key Exchange

  • Server Certificate: The server sends its certificate containing the public key.
  • Client Key Exchange: The browser generates a pre-master secret, encrypts it with the server’s public key, and sends it to the server.

Server Decryption with Private Key

  • The server uses its private key to decrypt the pre-master secret.
  • Both the client and server generate session keys from the pre-master secret.

Secure Connection Established

  • The handshake completes, and a secure, encrypted connection is established.

Transmitting the Blog Post

  • Encrypted Data: Your blog post data is encrypted using the session keys.
  • Secure Transmission: The encrypted blog post data is sent to the server over the secure connection.
  • Decryption: The server decrypts the data using the session keys and processes your blog post.

Summary of Key Points

  • Public Key: Used by the client to encrypt the pre-master secret, ensuring that only the server can decrypt it.
  • Private Key: Held by the server, used to decrypt the pre-master secret sent by the client.
  • Session Keys: Generated from the pre-master secret by both the client and server, used to encrypt/decrypt the data during the session.
  • Secure Communication: The actual data transmission (e.g., your blog post) happens after the secure connection is established, ensuring privacy and security.

I have one question. Please share your thoughts.

Where does the browser hold information(like click data or blog post content) during the handshake?

References:

https://www.rapidsslonline.com/ssl/difference-between-public-and-private-key/

I hope it has clarified some of your doubts regarding this subject. Please share your comments and thoughts.