SSL Handshake: A Process for Secure Communication between Client and Server

Verified

Added on 2023/06/07

AI Summary

SSL Handshake is a process that enables secure communication between client and server. It involves steps like client hello message, server certificate, secret key generation, and more. This article explains the importance of SSL protocol and the steps involved in the SSL Handshake process.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Cyber-security

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Cyber security
SSL Handshake
The SSL stands for secure sockets layer that uses a form of public key encryption
along with symmetric key to communicate. It is a way through which a secure
communication takes place between client and server (Kanekar & Udupa, 2014). SSL
protocol is used to validate the identity of users and assure that authenticated communication
takes place. It is called a handshake as it is the first time both client and server communicates
with ach other. The handshake is a process in which client and server identifies the
authentication of each other and generates a secret key so that secure communication path is
established (Tang, Zeng, Chen & Ye, 2017). It can be said as a simple communication
between two parties that are ready to accomplish the same task together. It can be said as a
time when both the parties negotiate and agree on same terms and conditions before starting
the communication. In the SSL handshake protocol it is identified which cipher suite is used
to encrypt the information. It supports in building a secure communication path before
starting with actual transfer.
Process through which server and client ensure the connection
There are certain steps that are used to enable a secure communication path between client
and server. The steps undertaken are:
 Initially client sends a hello message to the server with whom he wants to establish a
communication (Sslsecurity, 2017). The message covers the information regarding
version, order of preferences and the cipher suites that are preferred. It also includes
the data compression method that is used by client.
1 | P a g e

Cyber security
 The server receives the hello message and also sends digital certificate so that client
could be authenticated. It future sends CAs that is certified authorities in a client
certificate request (Pukkawanna, Blanc, Garcia-Alfaro,Kadobayashi & Debar, 2014).
 Later, client verifies the certificate request by offering an confidential and
authenticated path
 Now, both client and server compute the secret key that could be used by them to
encrypt their confidential data
 Then clients send the data over the network that could be decrypted only by the secret
key. Apart from that, the information that is send over the network is encrypted by the
server public key
 The client certificate is verified by the server making sure that path is authenticated.
Future, server sends a finish message to the client indicating the handshake has been
done
 Once the handshake is complete, client and server can start with their exchange of
information.
Thus, the overall scenario can be summarised as a communication between client and server
to establish a secure communication path. At first, clients send an initial message that
includes all the cipher suites. After that server responds by sending back a random and SSL
certificate that is private key (Pukkawanna, Blanc, Garcia-Alfaro,Kadobayashi & Debar,
2014). Once the certification is verified by the client, it generates public key by the means of
pre master. The server then verifies the public key and then decrypted key be transferred to
the server. Once the secret keys are exchanged a secure communication can take place
(Sslsecurity, 2017).
2 | P a g e

Cyber security
Diagrams
3 | P a g e

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

Cyber security
References
Kanekar, T., & Udupa, S. (2014). U.S. Patent No. 8,793,486. Washington, DC: U.S. Patent
and Trademark Office, 55-90.
Pukkawanna, S., Blanc, G., Garcia-Alfaro, J., Kadobayashi, Y., & Debar, H. (2014,
September). Classification of SSL servers based on their SSL handshake for
automated security assessment. In Building Analysis Datasets and Gathering
Experience Returns for Security (BADGERS), 2014 Third International Workshop
on (pp. 30-39). IEEE.
Sslsecurity. (2017). The SSL/TLS handshake process simplified like never before. Retrieved
from https://cheapsslsecurity.com/blog/what-is-ssl-tls-handshake-understand-the-
process-in-just-3-minutes/.
Tang, Z., Zeng, X., Chen, J., & Ye, X. (2017, October). SSL transmission delay optimization
in multi-core processor based on network path delay prediction. In Communication
Technology (ICCT), 2017 IEEE 17th International Conference on (pp. 1012-1018).
IEEE.
4 | P a g e

1 out of 5

+13062052269

info@desklib.com

SSL Handshake: A Process for Secure Communication between Client and Server

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

SSL/TLS VPN Technologies for Secure Network Connection

TLS/SSL Handshake with RSA and DHE - Desklib

Wireshark Lab: SSL v7.0

Importance of VPN in Organizations

VPN Technologies and Security

Hybrid Encryption