Skip to content

Instantly share code, notes, and snippets.

@khiet

khiet/ssl_tls_handshake.md

Last active June 18, 2023 09:12
Show Gist options
  • Save khiet/80296309c1cee92d16ff4308963d8cfc to your computer and use it in GitHub Desktop.
Save khiet/80296309c1cee92d16ff4308963d8cfc to your computer and use it in GitHub Desktop.
Download ZIP
Raw
ssl_tls_handshake.md

SSL/TLS Handshake (TLS 1.2 with RSA)

One-way SSL

sequenceDiagram
    autonumber
    participant Client
    participant Server
    participant CA as Certificate Authority
    Client ->> Server: Sends a 'hello' message with <br> TLS version, <br> cyrptographic algorithms, <br> data compression method <br>, and 'client random'
    Server ->> Client: Sends a 'hello' message with <br> SSL certificate (which includes public key), <br> chosen cyrptographic algorithms <br>, and 'server random'
    Client ->> CA: Verifies the SSL certificate with Certificate Authority that issued the certificate
    Client ->> Server: Sends a 'premaster secret' (another random string) <br> encrypted with the public key
    Server ->> Server: Decrypts the 'premaster secret' with the private key
    Server ->> Server: Creates a session key (symmetric key) with e.g. AES from <br> the client random, the server random and the premaster secret
    Client ->> Client: Ditto
    Client ->> Server: Sends a 'finished' message encrypted with the session key
    Server ->> Client: Ditto, the handshake is complete
    Client ->> Server: Uses the session key to communicate
    Server ->> Client: Ditto
Loading

Two-way SSL

sequenceDiagram
    autonumber
    participant Client
    participant Server
    participant CA as Certificate Authority
    Client ->> Server: Sends a 'hello' message with <br> TLS version, <br> cyrptographic algorithms, <br> data compression method
    Server ->> Client: Sends a 'hello' message with <br> SSL certificate (which includes public key), <br> chosen cyrptographic algorithms
    Client ->> CA: Verifies the SSL certificate with Certificate Authority that issued the certificate
    Client ->> Server: Sends a 'hello' message with <br> SSL certificate (which includes public key), <br> chosen cyrptographic algorithms
    Server ->> CA: Verifies the SSL certificate with Certificate Authority that issued the certificate
    Client ->> Client: Creates a session key
    Server ->> Server: Ditto
    Server ->> Client: Uses the session key to communicate
    Client ->> Server: Ditto
Loading
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment