Rohit Writes
why https:// : TLS / SSL explained

why https:// : TLS / SSL explained

Rohit's photo
Rohit
·

5 min read

Have you ever visited any site and seen the settings in it. Or Have you noticed the https://. HTTP refers to Hypertext Transfer Protocol, which is a protocol for exchanging messages over the internet. But what does the s at the last means ? and why do sites like google.com has it ? Let’s Find out in this blog

Plain HTTP

The messages exchanged using the HTTP protocol are in plain text. These messages can be intercepted and altered by any middleman between the connection. This wasn’t a problem until sensitive information like payment details or account credentials started being exchanged over the web. If anyone in the middle can read the information, these sensitive details would also be exposed, making it possible for the attackers to access accounts, leading to many vulnerabilities.

Entry of HTTPS

HTTPS was introduced to address this issue. The S in HTTPS refers to secure. Now how does it become secure. Here is where the cryptographic protocols like TLS and SSL comes into play.

Introduction to TLS / SSL

TLS ( Transport Layer Security ) and SSL ( Socket Secure Layer ) are two cryptographic protocols that is used to protect the data during the exchange of it and secure the communication over the web. While SSL was the original protocol, TLS is now being widely adapted by websites. TLS is more secure and advanced form of SSL. Although, the term SSL is used to refer both TLS and SSL.

SSL Vs TLS

As mentioned SSL was the first protocol for secure communication over the web. But due to its various vulnerabilities it is no longer considered to be secure and has been declared deprecated.

TLS is the successor of SSL improving the security and minimizing the latency periods. TLS has also undergone various improvements through it’s various versions.

Working of SSL / TLS

SSL / TLS works on the combination of encryption, authentication and integrity to protect data. Here’s a explanation of the flow

  1. Encryption

    The data transferred through HTTPS is encrypted using specific encryption algorithms. This ensures that no middleman can read the data, keeping sensitive information private. Asymmetric encryption, involving public and private keys, is used during the handshake of TLS/SSL, while symmetric encryption (involving only one key) is used during the data transfer.

  2. Authentication

    Once the data has been transferred to the server, the server must also authenticate itself. This authentication happens through the use of certificates authorized and issued by trusted Certificate Authorities and the Public Key Infrastructure (PKI). This helps prevent information leakage to a "middle-man" that may be impersonating the server.

  3. Integrity

    SSL/TLS also ensures data integrity. This involves an encrypted hash, which changes if the state of the information being transferred is altered. This helps the server confirm that the information sent by the client is in its original state and has not been manipulated by a middleman.

TLS/ SSL handshake

The TLS/ SSL handshake is a phenomenon of establishing a secure connection between the server and the client. This happens after a successful TCP handshake. Following are the steps:

  1. Client Hello

    After a successful TCP handshake, the client sends a Client Hello message to the server including the TLS/ SSL version, list of cipher suites ( encryption algorithm ) supported, randomly generated session key, and a session ID.

  2. Server Hello

    After the server receives this it responds with Server Hello message telling the TLS/ SSL version and cipher suite that will be used along with a randomly generated number and the server’s TLS / SSL certificate.

  3. Certificate Exchange

    The SSL / TSL certificate as issued by trusted Certificate Authority (CA) is sent along with the Server Hello message and server public key. The client will verify the server authenticity by checking if it’s signed by trusted CA and whether the server domain matches the certificate.

  4. Key Exchange

    The client then generates a key, called pre-master key, encrypts it with the server public key( send in the previous step) and sends it back to the server. This way only the server can decrypt the key using the private key stored.

  5. Session Key generation

    Both the client and server uses this premaster key to generate a symmetric session key independently which is later used to encrypt and decrypt the actual data during the session.

  6. Client Finished

    The client then sends the finished message encrypted with the session key generated to indicate that the handshake has been successful

  7. Server Finished

    The server too responds with a finished message encrypted with it’s own session key to indicate the server side handshake success.

All of this roundtrips of information in the handshake may cause latency in establishing connection for information exchange. This challenge is solved by the newer version of TLS effectively by TLS 1.3

Summary

To summarize, TLS and SSL are both security protocols designed to ensure secure communication between a client and a server. SSL is the older protocol and has been deprecated, while TLS is the newer version with improvements. TLS/SSL works through a combination of encryption, authentication, and data integrity. The TLS/SSL handshake involves the client hello, server hello, certificate exchange, key generation and exchange, and ends with a finished message from both the client and the server.

If you find the blog helpful, feel free to drop a like and a follow.

ChaiCodeChaiaurcodeChaiCohorthttpsTLSSSLSSL Certificate