Handshake Process

The handshake between the client and server in SSL/TLS operates as follows:

  1. The client sends a ClientHello message to the server containing the client's random value and its supported cipher suites.
  2. The server sends a ServerHello message to the client containing the server's random value.
  3. The server sends its certificate to the client for authentication and may request a certificate from the client.
  4. The server sends a ServerHelloDone message.
  5. If the server requested a certificate from the client, the client sends it.
  6. The client creates a random Pre-Master Secret and encrypts it with the public key from the server's certificate.
  7. The client sends the encrypted Pre-Master Secret to the server.
  8. The server and the client each generate the Master Secret and session keys based on the Pre-Master Secret.
  9. The client sends the ChangeCipherSpec notification to the server to begin using the session keys for hashing and encrypting data.
  10. The client sends its Finished message.
  11. The server receives the ChangeCipherSpec and switches to symmetric encryption using the session key.
  12. The server sends its Finished message.
  13. The client and server can now exchange application data using symmetric encryption and the session key.

TLS/SSL also has a process for resuming a session:

  1. The client sends a ClientHello message carrying the Session ID of the session to be resumed.
  2. The server checks its cache for the Session ID. If it finds it, the session is resumed by sending a ServerHello message to the client with the same Session ID; otherwise a completely new handshake is performed.
  3. If the Session ID was found, the handshake resumes at step 9.
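The two lists above describe the messages but not the computation behind step 8 or why resumption can skip to step 9. The following added example (not code from the original page or from the linked Microsoft documentation) carries out the TLS 1.2 derivation from RFC 5246: the Pre-Master Secret plus the two random values from steps 1 and 2 become the 48-byte Master Secret, the Master Secret is expanded into the six session keys, and a resumed session reuses the cached Master Secret with fresh random values to get fresh keys. The RSA encryption of step 7 and the record layer are out of scope; the example assumes the Pre-Master Secret has already reached the server intact, and the random values and cipher-suite sizes it uses are constructed sample values.

```python
"""TLS 1.2 key derivation for the RSA handshake and for session resumption,
following RFC 5246 sections 5, 6.3, 7.4.7.1 and 8.1.
Added example, not the page's own code. Step 7 (RSA encryption of the
pre-master secret) is assumed to have happened; only the derivation is shown."""
import hashlib
import hmac
import os

# Constructed sample values (not captured traffic): the 32-byte randoms from
# ClientHello/ServerHello and a pre-master secret for a TLS 1.2 (3.3) client.
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
PRE_MASTER = b"\x03\x03" + bytes(46)

# Key sizes for TLS_RSA_WITH_AES_128_CBC_SHA: HMAC-SHA1 key, AES-128 key, CBC IV.
MAC_LEN, KEY_LEN, IV_LEN = 20, 16, 16


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 data expansion (RFC 5246 s5): concatenate HMAC(secret, A(i) + seed)
    with A(0) = seed and A(i) = HMAC(secret, A(i-1)) until `length` bytes exist."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def new_pre_master_secret(client_version: bytes = b"\x03\x03") -> bytes:
    """Step 6: the RSA pre-master secret is the client's offered version followed
    by 46 random bytes (RFC 5246 s7.4.7.1); the server checks the version bytes."""
    return client_version + os.urandom(46)


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Step 8, first half: the 48-byte master secret (RFC 5246 s8.1)."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)


def session_keys(master: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Step 8, second half: expand the master secret into the six write keys
    (RFC 5246 s6.3). Note the randoms are concatenated server-first here."""
    layout = [("client_write_MAC_key", MAC_LEN), ("server_write_MAC_key", MAC_LEN),
              ("client_write_key", KEY_LEN), ("server_write_key", KEY_LEN),
              ("client_write_IV", IV_LEN), ("server_write_IV", IV_LEN)]
    block = prf(master, b"key expansion", server_random + client_random,
                sum(size for _, size in layout))
    keys, offset = {}, 0
    for name, size in layout:
        keys[name] = block[offset:offset + size]
        offset += size
    return keys


def full_handshake(pre_master: bytes, client_random: bytes, server_random: bytes):
    """Full handshake: both endpoints run this same derivation on the same three
    inputs, so they hold identical keys that never crossed the wire. Returns the
    master secret (what the server caches under the Session ID) and the keys."""
    master = master_secret(pre_master, client_random, server_random)
    return master, session_keys(master, client_random, server_random)


def resumed_handshake(cached_master: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Abbreviated handshake: no certificate and no new pre-master secret, which is
    why it can jump to step 9. The cached master secret is expanded with the fresh
    randoms from the new ClientHello/ServerHello, so the resumed connection still
    gets keys that differ from the original connection's."""
    return session_keys(cached_master, client_random, server_random)


if __name__ == "__main__":
    master, keys = full_handshake(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    print("master secret:", master.hex())
    for name, value in keys.items():
        print(f"{name:22s} {value.hex()}")
    resumed = resumed_handshake(master, os.urandom(32), os.urandom(32))
    print("resumed client_write_key:", resumed["client_write_key"].hex())
```

Two points worth noticing when running it: the key block is derived with the randoms in the opposite order from the master secret, a common source of interoperability bugs in hand-written implementations, and the resumed session produces different keys from the same Master Secret, which is why a server must protect its session cache as carefully as the private key that decrypted the Pre-Master Secret.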

<http://msdn.microsoft.com/en-us/library/windows/desktop/aa380513%28v=vs.85%29.aspx>

<http://technet.microsoft.com/en-us/library/cc785811%28v=ws.10%29>
