Go back

TLS 1.2

Published:  at  06:55 PM

Everytime we open a website and see a lock sign, we feel secure. This is because we know that the website can be trusted. Not only that, all the data that is sent over the internet is encrypted. This is possible due to TLS.

TLS is a network protocol that defines set of instructions that needs to be followed between a client and a server. These steps allows for a secure communication. TLS has multiple version, and today we will focus on TLS 1.2.

My favourite way to explain a network protocol is using a sequence diagram. So, let’s dive in.

Overview

Here is an bird’s eye view of TLS 1.2.

The key events in each section.

Greetings: The client and server agrees on a cipher and protocol.
Server Authentication: Client authenticates the server.
Key Exchange: The client and server exchange there public keys and generate the session key.
Secure Communication: Application data is transferred that is encrypted with session key.
Close: Client notifies to close the connection.

Now, we will go into the workings a little deep.

There are two primary funtionality that TLS provides server authentication, and encrypted communication.

Server Authentication

In message 1 and 2, the client and server agrees on the cipher and compressions. They also share a random value that is used later to create the session key. After that, in message 3 the server sends over the certificate. The client verifies the certificate is a valid and is from a trusted certificate authority (CA).

How do you know that certificate wan’t tampered? The certificate is created by the CA. They hash the certificate into a digest and create a digital signature by encrypting the digest using their private key. The server sends the digital signature with the certificate. The client can use the publicly available public key of the CA to decrypt the digital signature and match it with the digest. If they match, we know that the certificate wasn’t tampered.

Once we know the certificate wasn’t tampered, we can check it’s validity.

Now that we can trust the server, let’s continue our journey and see how TLS enables encrypted communication.

Encrypted Communication

The server generate the public and private keys and then share the public key with the client in Server Key Exchange. Server Hello Done indicates that server has finished it’s half of the handshake. After this, the client generates the public and private keys and share the public key with the server in Client Key Exchange.

Now, client has server’s public key and it’s own private key. The client uses this info to create the shared session key. Client Change Cipher Spec informs the server that further messages will be encrypted. Similarly, the server creates the session key using client’s public key and it’s private key. Server Change Cipher Spec informs the client that further messages will be encryted.

To verify that the hanshake process wasn’t tampered with, the client and server encrypts the verification data with the session key and send in the Client Handshake Finished and Server Handshake Finished messages.

Finally, the application data is transferred between the client and server that is encrypted using the shared session key.

When the client is ready to close the connection it send the Client Close Notify message.

Full Sequence Diagram

To further learn the TLS 1.2 where every byte is explained and reproduced, go to this article.

Share this post on:
Share this post via WhatsApp Share this post on Facebook Share this post on X Share this post via Telegram Share this post on Pinterest Share this post via email
Next Post
jq - a command line tool for JSON manipulation