SSL/TLS Handshake

SSL/TLS Handshake

In an increasingly digital world, the significance of secure online communications has never been greater. At the heart of this security lies a critical process: the SSL/TLS handshake. This sophisticated mechanism is the baseline of trust and confidentiality between two online communicating parties. 

Be it a simple transaction on an e-commerce website or accessing confidential information, the SSL/TLS handshake plays a role in ensuring that data remains secure and private.

What is an SSL/TLS Handshake?

The SSL/TLS handshake is a protocol used to establish a secure communication channel between two systems, typically a web server and a client. This handshake is crucial for ensuring the privacy and integrity of the data exchanged over the internet. 

It serves as the bedrock of secure online transactions, safeguarding sensitive information like login credentials, financial data, and personal details from being intercepted or tampered with by unauthorized parties.

Origins and Evolution

The SSL/TLS handshake's origins date back to the 1990s, initiated by Netscape's creation of SSL (Secure Sockets Layer) to secure internet communications. SSL evolved through several versions, enhancing encryption and authentication methods in response to growing cybersecurity threats. 

The evolution of SSL led to the development of TLS (Transport Layer Security), which offered improved security features and eventually superseded SSL. 


How Does the SSL/TLS Handshake Work?

The SSL/TLS handshake is a sophisticated process important for establishing a secure connection between a client (like a web browser) and a server (such as a website).

This process involves several detailed steps, which can vary depending on the TLS version and the supported parameters by both parties.

1. Client Hello

This is where the client initiates communication with the server. This message is crucial as it sets the stage for the secure connection that will be established. During this step, the client sends a packet to the server containing several important pieces of information:

  1. TLS Version
  2. Cipher Suites
  3. Client Random
  4. Session ID
  5. Compression Methods

2. Server Hello

Following the client’s attempt, it is now the server’s turn to issue a direct response to the client's request to establish a secure connection. The server's response includes several components:

  1. TLS Version
  2. Cipher Suite Selection
  3. Server Random
  4. Server Certificate
  5. Key Exchange Method
  6. Request for Client Certificate (Optional)
  7. Session ID (Optional)

3. Authentication

This process involves the use of digital certificates, which are electronic documents binding a public key to the identity of the server or entity. When the client (like a web browser) receives the server's certificate, it checks the certificate's validity.

This verification involves several checks:

  1. Certificate Authority (CA) Validation: The client verifies that the certificate was issued by a trusted Certificate Authority. Web browsers and operating systems typically maintain a list of trusted CAs.
  2. Domain Verification: The client ensures that the certificate is valid for the domain it's trying to communicate with. This prevents a server from presenting a certificate for a different domain.
  3. Certificate Expiry Check: Certificates are issued with an expiration date, and the client checks to ensure that the certificate hasn't expired.
  4. Certificate Revocation Lists (CRLs): The client may check CRLs to ensure that the certificate hasn't been revoked by the CA.
  5. Public Key Verification: The client uses the public key in the certificate to encrypt data (like the premaster secret in TLS 1.2 or other key materials in different protocols). If the server can decrypt this data with its private key, it confirms that the server owns the corresponding private key to the public key in the certificate, completing the authentication.

4. Key Exchange

In this step, both the client and the server agreeing upon a shared secret key, which will be used for encrypting and decrypting the data exchanged during their session. It’s a blend of asymmetric and symmetric encryption techniques, ensuring both security and efficiency.

  1. Initiation of Key Exchange
  2. Generation of a Premaster Secret
  3. Encryption with Public Key
  4. Decryption and Session Key Creation
  5. Confirmation and Transition to Secure Communication


5. Establishing a Secure Connection:

After the initial exchange of messages (ClientHello and ServerHello) and the authentication of the server's certificate by the client, both parties proceed to establish a secure connection. This is achieved through a series of steps:

  • The client generates a premaster secret, a random string of bytes, which is encrypted using the server's public key (obtained from the server's SSL certificate). This encrypted premaster secret is then sent to the server.
  • Upon receiving the encrypted premaster secret, the server decrypts it using its private key. Now, both the server and the client possess the same premaster secret.
  • Using the premaster secret along with the previously exchanged random values (Client Random and Server Random), both the client and the server independently compute a master secret. From this master secret, a set of session keys (symmetric keys) are derived. These session keys will be used for encrypting and decrypting the data transmitted during the session.
  • The client then sends a ChangeCipherSpec message, signaling that subsequent messages will be encrypted using the newly established session key. It also sends a Finished message, encrypted with the session key, to the server. The server, upon receiving and decrypting this message, verifies that the handshake has been completed successfully.

The server sends its own ChangeCipherSpec message followed by an encrypted Finished message. Once the client decrypts and verifies this message, the handshake is formally completed.

6. Finalizing the Handshake

After the client and server have exchanged all the necessary data, including the premaster secret and certificates, the client sends a ChangeCipherSpec message. This message signals that the client will start using the new session keys for hashing and encrypting messages. The server will also send a similar message indicating the same.

The client sends a Finished message, which is the first message encrypted with the session key. This message contains a hash and authentication code, verifying that the handshake occurred without tampering and that the session keys were correctly derived.

Then, the server decrypts and verifies the client's Finished message. Once confirmed, the server sends its own Finished message, also encrypted with the session key. This message serves as a verification that the server's ChangeCipherSpec message was received and that the server is ready to communicate securely.

Upon receiving and verifying the server's Finished message, the handshake process is complete. The client and server have now successfully established a secure communication channel. All subsequent data exchanged in the session will be encrypted with the session keys.


In essence, SSL/TLS form the backbone of online security, and each of the mentioned steps ensure that sensitive information remains protected from interception or tampering. In a world where cyberattacks are becoming an increasing concern, SSL/TLS become your first layer of shield. 

Published on:
April 3, 2024
This is some text inside of a div block.