When you use the internet, all data transferred to your computer from the internet occurs when your computer and the network agree on a protocol that will result in the transfer. It’s almost as if two strangers are talking to each other and figuring out how to communicate by using a single common language. The network communicates between client machines, each of which is either using or consuming services. The second machine is the server, which stores the information and makes it available to the user. But where does an SSL handshake fit into this communication? That is exactly what we will discover in this article today.
What is an SSL Handshake?
SSL stands for Secure Socket Layer, and it is a cryptographic security protocol that makes it possible for users to have secure communication when receiving or transferring data over the internet. The main idea behind creating SSL is to hide or encrypt the data in such a way that only the sender and the actual receiver of the data can decipher it via a secret decryption key. The very first time this type of security feature was ever used was back in 1994 in Netscape. The very first version of SSL was never released for the public to use and secure their communication because it had so many security flaws that it could not be used on a large scale.
The first release for the public took place in the year 1995 with SSL2 v2, which got an update with a steadier version in November 1996. Then, after SSL came TLS, which became widely accepted due to its use in email, instant messaging, and even voice-over applications; apart from that, it was also used as a security layer in HTTPS.
The working of SSL Handshake
The SSL handshake is a series of datagrams, or you can say messages, that are exchanged between a client and a server. The SSL handshake has a number of steps that lead to the exchange of information between the client and the server. There can be no data transfer until the handshake has been completed.
When it comes to defining the workings of the SSL handshake, you must know that steps will vary depending upon the kind of key algorithm that has been used. In addition to the cypher suites supported on both sides of the transfer, One of the most common exchange algorithms is the RSA algorithm. Thus, we are using it to showcase the workings of the SSL handshake.
Client Message “Client Hello”
For the handshake to begin, a client must first send the message; in this case, the client is a personal computer seeking information from the server. As a result, the client sends the server a “hello” message. This message contains information about the SSL version that the client supports, as well as the cypher suites. In addition, there is a string of random bytes, which is also referred to as “client random.”
Server Sends Message “Server Hello”
Here, in reply to the client’s hello message, the server will send a hello message from its side. This message will receive the server’s SSL certificate along with the chosen cypher suite, and a random server byte will also be included. The server will generate this random string of bytes.
When the client’s machine receives the “server hello” message, it verifies it by checking its SSL certificate with the SSL authority that issued it in the first place. Once the authentication is complete, it demonstrates that the server is displaying the true identity and is who it claims to be. Also, this will demonstrate that the client is interacting with the original owner of the domain, rather than a doppelganger attempting to impersonate it in order to obtain sensitive information from the client.
Setting Premaster Secret
Following that, the client will send a random string of bytes known as the premaster secret. This secret string is encrypted and contains the public key. It can only be decrypted with a private key found only on the server. You’re probably wondering how the client obtained the server’s public key. The answer is straightforward: through the SSL certificate that the server sent for authentication.
Use Of Private Key
The server receives the premaster secret and then decrypts it using its own private key.
Session Keys Created
Once the private key is used to decrypt the premaster secret, both the client and the server will generate their session keys for the handshake to take place. The session keys are created using client-side randomization from the server-side.
At the same time, the client also creates a session key using the server’s random bytes. If everything is going well and both are true to their identity, the server and client will arrive at the same result. That is, both of their session keys will be identical.
Client Gets Ready
The client’s machine will send the message “finished,” which also holds encryption that holds the session key.
Server Gets Ready
The server also sends a “finished” message to the client, which has an encrypted message with a session key.
Symmetric Encryption Is Achieved
Once the client receives the “finished” message from the server, the handshake is complete, and communication between the two machines will take place using the session keys.
What is a Cipher Suite?
A cypher is nothing but an algorithm or simple steps that are used to perform a specific mathematical function. This mathematical function could be encryption, hashing, or digital signatures. You can find the basis of the cypher in math. On the other hand, cypher suites provide essential information on how to communicate and connect two computers using the network to transfer data securely. The cypher suite’s information is present in the form of algorithms and protocols. With the use of a cypher suite, the server gets to know which of the following algorithms it needs to use.
Why does SSL Handshake need to use the Cipher Suite?
It is critical that the data be encrypted. Before the client application, cipher suites are used, and information is exchanged via an SSL/TLS connection between the server and the client. When the client application initiates an SSL handshake with the server, this part of the process also informs the server about the type of cipher suite that it must use for this specific SSL handshake.
If you are in charge of a server, you must prioritise the list of cipher suites that the server will use to perform the handshake.
Components of Cipher Suite
The cipher suite is made up of four main components, each of which is described below so that you can understand how they work in the cipher suite.
1. Key Exchange Algorithm
To ensure data security when transmitting between two computers via SFTP and HTTPS, both the receiving and sending parties must share their encryption and decryption keys. It is symmetric encryption when the key exchange algorithm uses both the encryption and decryption keys of both parties.
Symmetric encryption provides security and confidentiality, but it is not without flaws. One of the major concerns is that if an attacker obtains a shared key, it will be easier for them to decrypt the entire data in a matter of seconds. As a result, the industry must develop key exchange protocols that secure the exchange of symmetric keys over an insecure network.
2. Authentication Algorithm
In order to make sure that the transfer of data is secure and correct, a web server has to come up with a way to verify the identity of a user who is about to receive the data. For the verification to happen, a user needs to input a set of credentials, including a username and password. This will help in the authentication process, and there are a number of authentication algorithms that are present in cipher suites. Some of them are RSA, DSA, and ECDSA.
3. Bulk Data Encryption
Following the authentication algorithm, we have bulk data encryption, which is used, you guessed it, to encrypt and protect the bulk data from being hacked. The most common bulk data encryption algorithms are AES, 3DES, and CAMELLA. According to Microsoft’s research, the bulk encryption key is generated by hashing one of the MAC keys along with the CryptHashSessionKey, which includes message contents as well as other data.
4. Message Authentication Code (MAC) Algorithm
The MAC algorithm is a piece of information that is sent in addition to the content of the message so it can be used to authenticate the message. For data transfer, both the sender and the receiver of the message will have the same key for the MAC algorithm to work. But this algorithm has its own set of disadvantages. First, it cannot protect the data when there is an intentional change of authentication codes.
On the other hand, in some rare cases, an intruder can quickly change the message and create a new checksum that will replace the original checksum with the new value created by the intruder. We can use the cyclic redundancy check (CRC) algorithm to keep these issues at bay. But in truth, it is only helpful in detecting the randomly damaged parts of the message. It cannot notice an intentional change of message that the attacker makes. The typical examples of MAC algorithms are SHA and MD5.
What are the benefits of having an SSL Certificate?
Given below are some crucial benefits that everyone should read about, which show how SSL certificates are essential not just for the servers and websites but also for the users as well.
1. SSL Protects Data
There is no doubt that SSL protects our data; additionally, it protects the server-client information. When you install SSL on your website, every piece of information you have on the website and transfer is encrypted. Simply put, the data becomes locked, and only the intended individual has access to it. SSL also protects your data from the army of hackers who try to break into your database and leak sensitive information about your website and its users.
2. SSL Affirms Your Identity
When you get the SSL certificate on your website, your website becomes more reliable and authenticated. When it comes to making people visit your website online, you need to make them trust you, and an SSL certificate is one of the best ways to achieve that. When you are getting an SSL certificate, you are going through a validation process that is regulated by an independent third party, also known as a Certificate Authority (CA).
The CA will authenticate your identity and that of your organisation as well. Once both of these processes are done, your website will have a trust indicator that vouches for your integrity. When users see them, it gives them satisfaction that the website is authentic.
3. Better Search Ranking
In 2014, Google came up with a new set of changes. According to the report, websites that have an SSL certificate enabled will get a higher ranking than those that are not using an SSL certificate. As a business that wants to attract more customers online, having a higher Google ranking is pretty essential.
4. SSL Keeps Transactions Encrypted
If you are selling services or products online and people are purchasing them, it is better to have an SSL certificate. SSL will keep your user’s card credentials encrypted so no one can see them, not even you. That will make the transactions one hundred percent secure, and customers will be satisfied.
This is what SSL is all about, but keep in mind that it has been superseded by TLS, which has become an industry standard for encrypting data for online transfers. SSL is considered unsafe and out of date in today’s world. We are not referring to the SSL certificate; rather, we are referring to the SSL handshake procedure. TLS hasn’t changed significantly, but when you dig into the details, you’ll discover that the execution of these two encryption methods varies greatly.