Cyber breaches are at alarming levels, and security practitioners keep looking for measures that reduce them. Website owners and IT staff are likewise keen to deploy tools that protect their sites and their users from cybercrime.
One of the most widely deployed of these tools is the SSL certificate (strictly, a TLS certificate: TLS is the current name of the protocol that replaced SSL, but the old name has stuck). SSL certificates play a vital role in encryption that protects users' information. They let a client and a server set up an encrypted connection that is extremely hard for an attacker to eavesdrop on or tamper with, and they have been adopted by almost everyone who cares about the security of their data. Their use has grown rapidly: according to a study conducted by BuiltWith, there are over 85,167,054 SSL certificates on the internet today.
To set up that encryption, the certificate is used during the SSL handshake, also called the TLS handshake. That handshake is the subject of this article. If you want to know how an SSL certificate is actually used on the wire, take a few minutes to read on.
Every time you visit an HTTPS website your browser performs a TLS handshake, even though you never see it. Browsers and servers establish their secure connection with this handshake. Its job is to authenticate the server and agree on encryption keys, and so to provide the confidentiality and integrity that secure communication between the client and the server depends on. The handshake consists of an exchange of the information needed to establish that connection.
There are two types of SSL handshake: the one-way SSL handshake and the mutual SSL handshake, also called the two-way SSL handshake. Both are described below.
One-way SSL handshake
In the one-way SSL handshake only the client validates the server. This is the kind of handshake you go through when you browse any HTTPS site: your browser verifies the identity of the server (the website) by checking its certificate, while the server does not verify the client's identity at the TLS layer at all. Any client can connect; whether the user is who they claim to be is left to the application, for example through a login.
Two-way SSL handshake
Also known as the mutual SSL handshake or mutual TLS (mTLS). Here both parties present a certificate and validate the other's: the server verifies the client's certificate just as the client verifies the server's. This is the type of handshake used for server-to-server communication, where each server must confirm the identity of the other before exchanging data.
The SSL Handshake Steps
The SSL handshake involves several steps, explained below. The walkthrough follows the classic RSA key exchange, because it is the easiest to picture; modern handshakes use an ephemeral Diffie-Hellman exchange at step 4 instead, which is noted where it matters.
Step 1: Client Hello Message
The client initiates the SSL handshake by sending a Client Hello message to the server. This is the message that asks the server to set up a secure (HTTPS) connection.
The Client Hello tells the server which cipher suites the client supports, the highest TLS version it can use, and a string of random bytes known as the client random. If the handshake were a spoken conversation, the Client Hello would be: “Hello server. I intend to establish a secure connection with you. Here are the TLS versions and cipher suites I support…”
Step 2: Server Hello Message
Next, the server replies with its own Server Hello, which states the configuration it has chosen from the options the client offered: the TLS version it selected and the single cipher suite it picked from the client's list, together with its own random bytes, the server random. Along with the Server Hello the server sends its certificate, which contains its public key.
In the dialogue form, the Server Hello would be: “Hello. This is the server. I have received your message and gone through the TLS versions and cipher suites you offered, and I have picked one of each. Here are my server random, my certificate and the public key it contains….”
Step 3: Verification
The client then verifies the server's certificate. It checks that the certificate was signed by a Certificate Authority (CA) it trusts, following the chain of signatures up to a root CA in its own trust store, that the certificate has not expired or been revoked, and that it was issued for the hostname the client intended to reach. This establishes the real identity of the server and makes sure the server is who it claims to be. The step is crucial: it is what protects the client against impostor sites in a world where scammers are uncountable.
In our speech example this is: Client: “I have received your certificate and public key. I will verify the certificate and contact you when I am done.”
Once validation succeeds the client continues with the handshake. A valid certificate only shows that the public key belongs to the named server; the next step is what lets the client confirm that the server actually holds the matching private key. In our speech example: “I have verified the certificate. It looks okay. However, I still need proof that you hold the matching private key before proceeding….”
Step 4: Client Key Exchange Message
This message is sent by the client to the server. It carries what the server needs to arrive at the pre-master secret. In the RSA key exchange described here, the client generates the pre-master secret, encrypts it with the server's public key from the certificate and sends the result; only the holder of the matching private key can decrypt it. (With an ephemeral Diffie-Hellman exchange, both sides instead compute the pre-master secret from values they exchange, and it never travels over the wire, which is what gives forward secrecy.) In our speech format the message is: Client: “To prove you hold the private key, I have generated a shared secret called the pre-master secret and encrypted it with your public key. Decrypt it with your private key, and we will both derive the keys that encrypt and decrypt all our communication from it.”
Step 5: Private Key Used
The server does what the client asked: it decrypts the pre-master secret with its private key. Only the legitimate server can do this, which is what finally proves its identity. In speech form: “Done. I have decrypted the pre-master secret with my private key.”
Step 6: Creation of Session Keys
The next step is the generation of session keys, and both the server and the client do it. Each side computes the keys from the same three inputs, the client random, the server random and the pre-master secret, so both arrive at identical keys without the keys themselves ever being transmitted. (In TLS the pre-master secret is first expanded into a 48-byte master secret, and the session keys are derived from that.)
Step 7: Both the server and the client are ready
After the above steps, both the server and the client send a Finished message, the first message encrypted with the new session keys. It contains a hash of every handshake message exchanged so far, so each side can confirm that the other saw the same handshake and that nothing in it was altered in transit.
Step 8: The handshake is complete
At this point symmetric encryption is fully in place. The handshake has succeeded and all further communication is encrypted with the session keys.
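The eight steps above, as an added example that is not part of the original article: a simulation of the key side of a TLS 1.2 handshake using only Python's standard library. It performs the cipher suite negotiation of step 2, the master secret and session key derivation of step 6 with the real TLS 1.2 PRF from RFC 5246 (HMAC-SHA256 based), and the Finished verify_data of step 7, with both sides deriving independently from the same client random, server random and pre-master secret. The certificate check of step 3 and the RSA encryption of steps 4 and 5 are not simulated: the pre-master secret is simply handed to both sides as a constructed value. The server's preference list and the transcript format are assumptions made for the example.

```python
import hashlib
import hmac
import os


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 from RFC 5246 section 5: HMAC-based expansion of a secret."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()             # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()   # HMAC(secret, A(i) + seed)
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


# Suites the hypothetical server accepts, most preferred first (assumption for the example).
SERVER_PREFERENCE = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA256",
]
# Key material sizes for AES-128-CBC with HMAC-SHA256: 32-byte MAC keys, 16-byte keys, 16-byte IVs.
MAC_LEN, KEY_LEN, IV_LEN = 32, 16, 16


def choose_cipher_suite(client_offer, server_preference=SERVER_PREFERENCE):
    """Step 2: the server picks the first suite in its own order that the client also offered."""
    for suite in server_preference:
        if suite in client_offer:
            return suite
    raise ValueError("no cipher suite in common; the server would send handshake_failure")


def master_secret(premaster: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Step 6: master_secret = PRF(pre_master_secret, "master secret", client_random + server_random), 48 bytes."""
    return prf(premaster, b"master secret", client_random + server_random, 48)


def session_keys(master: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Step 6: key_block = PRF(master_secret, "key expansion", server_random + client_random), then split.
    Note the randoms are concatenated server-first here, the reverse of the master secret derivation."""
    block = prf(master, b"key expansion", server_random + client_random, 2 * (MAC_LEN + KEY_LEN + IV_LEN))
    layout = [("client_write_MAC_key", MAC_LEN), ("server_write_MAC_key", MAC_LEN),
              ("client_write_key", KEY_LEN), ("server_write_key", KEY_LEN),
              ("client_write_IV", IV_LEN), ("server_write_IV", IV_LEN)]
    keys, pos = {}, 0
    for name, size in layout:
        keys[name] = block[pos:pos + size]
        pos += size
    return keys


def finished_verify_data(master: bytes, label: bytes, transcript: bytes) -> bytes:
    """Step 7: verify_data = PRF(master_secret, finished_label, SHA256(all handshake messages)), 12 bytes."""
    return prf(master, label, hashlib.sha256(transcript).digest(), 12)


def simulate_handshake(client_offer, premaster=None, client_random=None, server_random=None):
    """Run steps 1-8 with each side deriving its keys independently from the same three inputs."""
    client_random = os.urandom(32) if client_random is None else client_random   # step 1
    server_random = os.urandom(32) if server_random is None else server_random   # step 2
    suite = choose_cipher_suite(client_offer)
    # Step 4: the client would generate this and send it RSA-encrypted; here it is just shared.
    premaster = os.urandom(48) if premaster is None else premaster
    # Simplified handshake transcript (assumption); real TLS hashes the exact message bytes.
    transcript = b"".join([b"ClientHello", client_random, b"ServerHello", server_random, suite.encode()])

    client_master = master_secret(premaster, client_random, server_random)   # client side, step 6
    server_master = master_secret(premaster, client_random, server_random)   # server side, step 6
    client_keys = session_keys(client_master, client_random, server_random)
    server_keys = session_keys(server_master, client_random, server_random)

    # Step 7: the client sends Finished; the server recomputes verify_data over its own transcript copy.
    client_finished = finished_verify_data(client_master, b"client finished", transcript)
    server_expects = finished_verify_data(server_master, b"client finished", transcript)
    return {
        "suite": suite,
        "keys_match": client_keys == server_keys,
        "client_finished_ok": hmac.compare_digest(client_finished, server_expects),
        "client_write_key": client_keys["client_write_key"],
        "server_write_key": client_keys["server_write_key"],
    }


if __name__ == "__main__":
    # Constructed ClientHello offer: the server's favourite suite is missing, so it falls back to the second.
    result = simulate_handshake(["TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_RC4_128_MD5"])
    print(result["suite"], result["keys_match"], result["client_finished_ok"])
```

Two details worth noticing: the client and server write keys come from different slices of the same key block, so traffic in each direction is protected by a different key, and the Finished value depends on the whole transcript, so an attacker who alters the Client Hello in transit to remove the strong suites produces a mismatch that aborts the handshake.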
Before concluding, a brief explanation of the term cipher suite, which came up in the steps above. A cipher suite is a named set of algorithms used to build a secure connection: the key exchange algorithm, the authentication algorithm, the symmetric (bulk) encryption algorithm and the message authentication or hash algorithm. For example, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 means ephemeral elliptic-curve Diffie-Hellman key exchange, RSA authentication, AES-128 in GCM mode for bulk encryption and SHA-256 as the hash. Encryption algorithms convert data into output that looks random to anyone who does not hold the key.
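To make the naming concrete, here is an added example (not from the original article) that splits a cipher suite name into the four components described above and flags the properties a practitioner checks for: lack of forward secrecy, unauthenticated key exchange, weak or null ciphers, non-AEAD modes and weak MACs. The weakness categories are this example's own choices; the name layout follows the TLS 1.2 and TLS 1.3 conventions.

```python
import re

# TLS 1.2-style names: TLS_<key exchange[_authentication]>_WITH_<bulk cipher>_<hash>
SUITE_RE = re.compile(
    r"^TLS_(?P<kx>[A-Za-z0-9_]+?)_WITH_(?P<cipher>.+?)_(?P<hash>SHA256|SHA384|SHA|MD5)$"
)


def parse_cipher_suite(name: str) -> dict:
    """Split a cipher suite name into key exchange, authentication, bulk cipher and hash."""
    if name.startswith("TLS_") and "_WITH_" not in name:
        # TLS 1.3 names (e.g. TLS_AES_128_GCM_SHA256) carry only the AEAD cipher and hash;
        # key exchange and authentication are negotiated through separate extensions.
        cipher, hash_ = name[4:].rsplit("_", 1)
        return {"version": "1.3", "key_exchange": "(negotiated separately)",
                "auth": "(negotiated separately)", "cipher": cipher, "hash": hash_}
    m = SUITE_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised cipher suite name: {name}")
    # "ECDHE_RSA" -> ECDHE key exchange authenticated with RSA; plain "RSA" does both jobs.
    kx, _, auth = m["kx"].partition("_")
    return {"version": "1.2", "key_exchange": kx, "auth": auth or kx,
            "cipher": m["cipher"], "hash": m["hash"]}


def assess_cipher_suite(name: str) -> list:
    """Return a list of weaknesses (empty means nothing flagged) for a cipher suite name."""
    info = parse_cipher_suite(name)
    issues = []
    if info["key_exchange"] in ("RSA", "DH", "ECDH"):
        issues.append("no forward secrecy")          # static key exchange: a leaked key decrypts old traffic
    if info["auth"] == "anon":
        issues.append("unauthenticated key exchange")  # nobody is verified; trivially man-in-the-middled
    cipher = info["cipher"]
    weak = next((w for w in ("NULL", "EXPORT", "RC4", "RC2", "IDEA", "3DES", "DES") if w in cipher), None)
    if weak:
        issues.append(f"weak or null cipher ({weak})")
    if "CBC" in cipher:
        issues.append("non-AEAD CBC mode")           # MAC-then-encrypt; history of padding oracle attacks
    if info["hash"] == "MD5":
        issues.append("MD5 MAC")
    elif info["hash"] == "SHA" and "CBC" in cipher:
        issues.append("SHA-1 HMAC")
    return issues


if __name__ == "__main__":
    # Constructed list resembling what a client might offer; weaker suites are flagged.
    for suite in ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
                  "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_RC4_128_MD5"]:
        print(suite, parse_cipher_suite(suite), assess_cipher_suite(suite) or "ok")
```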
Security matters more than ever. Web visitors want to know whether their connection is secure, and they look for the security indicator that an SSL certificate provides. A secure connection starts with the SSL handshake, in which two parties authenticate one another (or, in the one-way case, the client authenticates the server), exchange the public key and random values they need, and agree on a cipher suite. During the handshake the server and the client derive session keys and then use those keys to encrypt all their subsequent communication. This article has walked through the steps of the SSL handshake and should help you understand how it works.