How does SSL/TLS work?

VietMX Staff asked 3 years ago

SSL (and its successor, TLS) is a protocol that operates directly on top of TCP. This way, protocols on higher layers (such as HTTP) can be left unchanged while still providing a secure connection. Underneath the SSL layer, HTTP is identical to HTTPS. When using SSL/TLS correctly, all an attacker can see on the cable is which IP and port you are connected to, roughly how much data you are sending, and what encryption and compression is used. He can also terminate the connection, but both sides will know that the connection has been interrupted by a third party.

  1. After building a TCP connection, the SSL handshake is started by the client that sends a number of specifications:
    • which version of SSL/TLS it is running,
    • what ciphersuites it wants to use, and
    • what compression methods it wants to use.
  2. The server checks what the highest SSL/TLS version is that is supported by them both, picks a ciphersuite from one of the client’s options (if it supports one), and optionally picks a compression method.
  3. After this, the basic setup is done and the server sends its certificate. This certificate must be trusted by either the client itself or a party that the client trusts. Having verified the certificate and being certain this server really is who he claims to be (and not a man in the middle), a key is exchanged. The client tells the server that from now on, all communication will be encrypted, and sends an encrypted and authenticated message to the server.
  4. The server verifies that the MAC (used for authentication) is correct, and that the message can be correctly decrypted. It then returns a message, which the client verifies as well.
  5. The handshake is now finished, and the two hosts can communicate securely.
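Step 1 of the answer lists what the client advertises in its first message. The following added example (not part of the original post) builds a constructed ClientHello record with those fields and parses it back the way a passive observer on the wire would, which is exactly why the version, cipher suite list and compression methods are visible in plaintext before any key is exchanged. The cipher suite names are the standard IANA names; `weak_offers` and the sample suite selection are this example's own choices.

```python
import struct

# Standard IANA cipher suite identifiers used for the constructed sample.
CIPHER_NAMES = {
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
}

def build_client_hello(suites, compression=(0x00,)):
    """Assemble a ClientHello handshake message inside a TLS record (no extensions)."""
    body = struct.pack("!H", 0x0303)   # client_version: TLS 1.2
    body += bytes(range(32))           # client random (constructed, not random)
    body += b"\x00"                    # empty session_id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += bytes([len(compression)]) + bytes(compression)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body        # type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # record type 22

def parse_client_hello(record):
    """Return the plaintext fields an on-path observer can read from a ClientHello."""
    ctype, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 0x16:
        raise ValueError("not a handshake record")
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    version = struct.unpack("!H", body[:2])[0]
    pos = 2 + 32                                   # skip the client random
    sid_len = body[pos]; pos += 1 + sid_len        # skip session_id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    comp_len = body[pos]; pos += 1
    compression = list(body[pos:pos + comp_len])
    return {
        "version": version,
        "cipher_suites": [CIPHER_NAMES.get(s, hex(s)) for s in suites],
        "compression": compression,
    }

def weak_offers(parsed):
    """Findings a reviewer would raise: compression enabled, or suites with static RSA key exchange."""
    findings = []
    if any(c != 0 for c in parsed["compression"]):
        findings.append("TLS compression offered")
    findings += [s for s in parsed["cipher_suites"] if s.startswith("TLS_RSA_WITH")]
    return findings
```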