Posts

TLS encryption and authentication protocol that protects internet communication. TLS handshake is a process that secures a connection with a server using asymmetric cryptography. Websites using a TLS certificate can leverage the HTTPS protocol to connect safely to the server. This blog has the TLS handshake explained in detail, including the TLS handshake steps, working methodology, and more.

What is a TLS Handshake?

Like the handshake we do in real life, the TLS handshake is an introduction. It indicates safe communication between two servers where messages are exchanged to acknowledge each other, verify each other, set up cryptographic codes, and agree on session keys. 

The TLS handshake process starts with the initial ‘Hello’ and continues to the stage where a client and server can talk over a secured connection. 

How Does TLS Handshake Work?

Now that you know what is a TLS handshake, let’s see how it works.

So, the TLS handshake process works only when a TLS certificate is set up on the server for a website or application. This certificate includes important details about the domain owner and server’s public key to confirm the server’s identity. This sequential process established a TLS connection. So, whenever a user requests to access a TLS-enabled website, the TLS handshake between their device and the web browser begins and exchanges the following set of details: 

  • TLS version used (TLS 1.0, 1.2, 1.3, etc.).
  • Evaluate the encryption suites to be used.
  • Verification of the server’s identity using the TLS certificate.
  • Once the initial handshake process is complete, a session key is generated to encrypt messages between the client and server.

The TLS handshake establishes a cipher suite for all communications. The cipher suite is described as a set of algorithms used in establishing a secure communications connection. An important role of TLS handshake is determining which cipher suite will be used. TLS sets matching session keys across an unencrypted channel using public-key cryptography. 

Handshake also verifies the genuineness of the sender by checking the server using public keys. Public keys are one-way encryption keys which means that no one except the original sender can decrypt the encrypted data. The original sender uses their private key to decrypt data. 

TLS handshake failed means the connection is terminated, and the client sees a ‘503 Service Unavailable’ error message. 

TLS vs SSL Handshakes

SSL stands for Secure Sockets Layer, the original security protocol produced for HTTP. SSL was replaced by TLS and SSL handshakes are now termed as TSL handshakes.

When Does a TLS Handshake Occur?

The browser queries the website’s origin server whenever a user requests to navigate a website over a secured connection. It also occurs when any other communication channel uses HTTPS. This includes API calls and DNS over a secured network.

Steps of a TLS Handshake

TLS handshake steps consist of a series of datagrams, or messages, transferred between the client and server. The precise steps will differ depending on the type of key exchange algorithm used and the cipher suites supported by both sides. Here’s what you can expect.

Step 1: The ‘Client Hello’ Message

The client’s server starts the TLS handshake process by sending a ‘hello’ message to the website’s main server. The message consists of important details like the TLS version and cipher suites supported, and some random bytes called the “client random”.

Step 2: The ‘Server Hello’ Message

The server replies to the client’s hello message by sending a response having an SSL certificate, the server’s chosen cipher suite, and the ‘server random’ string generated by the server. 

Step 3: Authentication

In this TLS handshake step, the client confirms the server’s SSL certificate with the issuing authority. This is done to verify that the server is genuine and that the client is communicating with the domain owner.

Step 4: The Premaster Secret

Premaster secret, which is another random string of bytes, is sent by the client. It’s encrypted with a public key and can be decrypted using a private key by the server. 

Step 5: Private Key Used

The premaster secret gets decrypted by the server.

Step 6: Session keys Created

Client and servant create session keys from the client random, server random, and the premaster secret. The result of all three should be the same.

Step 7: Client is Ready

The client sends a session-key encrypted “finished” message.

Step 8: Server is Ready

The server sends a session-key encrypted “finished” message. 

Step 9: Secure Symmetric Encryption Achieved 

This is the last TLS handshake step. After its completion, the communication continues using the session keys.

TLS 1.3 Handshake- What’s the Difference?

TLS 1.3 doesn’t support RSA; hence the steps are slightly different.

Client Hello

The client sends the “Client Hello’’ message that includes the protocol version, client random, and a list of cipher suites. The number of cipher suites decreases as there’s no support for cipher suites in TLS 1.3 version. 

This message also contains parameters used for evaluating the premaster secret. This reduces the handshake’s length, which is the primary difference between TLS 1.3 handshakes and TLS 1.0, 1.1, and 1.2 handshakes. 

Server Creates Master Secret

In this step, the server receives the client’s random and the client’s parameters and cipher suites. As it produces its own server random, it generates the master secret.

Server Hello and Finished

Server hello contains the server certificate, cryptographic signature, server random, and chosen cipher suite. It also sends a “finished” message as it’s has the master secret. 

Final Steps and Client Finished

Client verifies signature and certificate, generates master secret, and sends “Finished” message.

Secure Symmetric Encryption Achieved

After the TLS handshake is completed, the communication continues using the session keys.

How to read TLS reports?

TLS reports can provide valuable information on misaligned TLS handshakes during MTA-STS authentication, along with deliverability issues. PowerDMARC’s TLS-RPT offers reports in a human readable format that is parsed from original JSON files. 

To read TLS reports starting today, start you free trial with us!

Why Should Business and Web Applications Use TLS Handshake?

TLS handshake protects web applications from infractions and other cyberattacks as HTTPS is the secured version of HTTP extension. Websites having TLS certificate can leverage the HTTPS protocol to safely connect to the users. Its aim is to protect sensitive details like personal data, financial data, login credentials, etc.