SSL, TLS, HTTPS

Communication between browser & server

  1. Without HTTPS - plaintext.

  2. With HTTPS - encrypted.

HTTPS uses TLS (Transport Layer Security) to send data in encrypted form.

Steps in a TLS handshake -

  1. TCP Handshake - Browser establishes connection with the server using TCP SYN, TCP SYN + ACK, TCP ACK.

  2. Certificate Check - Client sends a hello message to the server. In this message, the browser tells the server what TLS version it supports and what cipher suites it supports. The server sends back a Server Hello message with the TLS version it chose and the cipher suite it chose from the ones supported by the browser. The server then sends its certificate to the client; one of the primary things this certificate holds is the server's public key.

  3. Key Exchange - Client generates a session key and (suppose the key exchange is RSA) encrypts it using the server's public key, then sends this encrypted session key to the server. The server receives the key and decrypts it using its private key; now both sides hold the session key.

  4. Data Transmission
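
The negotiation in step 2, as an added example that is not part of the original notes: it parses the TLS version and cipher suite list out of a ClientHello record and picks a suite the way a server might. The sample ClientHello is constructed (TLS 1.2 style, no extensions), and choosing by server preference order is an assumption; all function names are hypothetical.

```python
import struct

# A few IANA cipher suite IDs (constructed lookup table, not exhaustive).
SUITES = {
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}

def build_client_hello(version, suites):
    """Build a minimal ClientHello record (constructed sample, no extensions)."""
    body = struct.pack("!H", version) + bytes(32)       # client_version + random
    body += b"\x00"                                      # empty session_id
    body += struct.pack("!H", 2 * len(suites))           # cipher_suites length
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                  # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body   # handshake type 1 = ClientHello
    return b"\x16" + struct.pack("!HH", 0x0301, len(hs)) + hs  # record type 22 = handshake

def parse_client_hello(record):
    """Return (offered_version, [cipher suite IDs]) from one ClientHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    if struct.unpack("!H", record[3:5])[0] != len(record) - 5:
        raise ValueError("record length field does not match data")
    try:
        version = struct.unpack("!H", record[9:11])[0]
        pos = 9 + 2 + 32                                 # skip version and random
        pos += 1 + record[pos]                           # skip session_id
        cs_len = struct.unpack("!H", record[pos:pos + 2])[0]
        pos += 2
        if cs_len % 2 or pos + cs_len > len(record):
            raise ValueError("bad cipher suite list length")
        raw = record[pos:pos + cs_len]
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    return version, [struct.unpack("!H", raw[i:i + 2])[0] for i in range(0, cs_len, 2)]

def server_select(offered, server_prefs):
    """Pick the first suite in the server's preference order that the client offered."""
    return next((s for s in server_prefs if s in offered), None)  # None -> handshake fails

if __name__ == "__main__":
    hello = build_client_hello(0x0303, [0x000A, 0x009C, 0xC02F])  # 0x0303 = TLS 1.2
    version, offered = parse_client_hello(hello)
    chosen = server_select(offered, [0xC02F, 0x009C])
    print(hex(version), [SUITES.get(s, hex(s)) for s in offered], "->", SUITES[chosen])
```

Listing only strong suites in the server's preference list is what keeps a client that also offers a weak suite (here the 3DES one) from ending up on it.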
