The process of establishing a secure SSL/TLS connection involves several steps. SSL/TLS security protocols use a combination of asymmetric and symmetric encryption. The client and the server must negotiate the algorithms used and exchange key information.
For the purpose of explaining this complex process, we use a TLS 1.2 connection, not the most recent TLS 1.3 protocol. The process used in TLS 1.2 was almost the same for all previous versions of SSL/TLS. However, it was greatly simplified in the latest version of Transport Layer Security.
The most important part of establishing a secure connection is called the handshake. During the TLS Handshake, the server and the client exchange important information used to determine connection properties. This example is based on a web browser handshake, but the same applies to all other SSL/TLS handshakes.
Step 1: Client Hello (Client → Server)
First, the client sends a Client Hello to the server. The Client Hello includes the following information.
Client Version
The client sends a list of all the TLS/SSL protocol versions that it supports with the preferred one being first on the list. The preferred one is usually the latest available version. For example, TLS 1.2 has a client_version 3,3. This is because TLS 1.0 is treated as a minor revision of Secure Sockets Layer (SSL 3.0), so TLS 1.0 is 3,1, TLS 1.1 is 3,2, and so on.
Client Random
This is a 32-byte random number. The client random and the server random are later used to generate the key for encryption.
In the original TLS 1.2 specification, the first 4 bytes were supposed to represent the current date and time of the client (in epoch format) and the remaining 28 bytes were supposed to be a randomly generated number. However, IETF later recommended against it.
Session ID
This is the session id to be used for the connection. If the session_id is not empty, the server searches for previously cached sessions and resumes that session if a match is found.
compression_methods
This is the method that is going to be used for compressing the SSL packets. By using compression, we can achieve lower bandwidth usage and, therefore, faster transfer speeds. Later in this article, we will see why using compression is risky.
Cipher Suites
Cipher suites are combinations of cryptographic algorithms. Typically, each cipher suite contains one cryptographic algorithm for each of the following tasks: key exchange, authentication, bulk (data) encryption, and message authentication. The client sends a list of all the cipher suites that it supports in order of preference. This means that the client would ideally prefer the connection to be established using the first cipher suite sent.
Cipher suites are identified by strings. A sample cipher suite string is: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256. This string contains the following information:
- TLS is the protocol being used
- ECDHE is the key exchange algorithm (Elliptic curve Diffie–Hellman)
- ECDSA is the authentication algorithm (Elliptic Curve Digital Signature Algorithm)
- AES_128_GCM is the data encryption algorithm (Advanced Encryption Standard 128 bit Galois/Counter Mode)
- SHA256 is the Message Authentication Code (MAC) algorithm (Secure Hash Algorithm 256 bit)
Compression Methods
This is a list of methods that can be used for compressing data (before encrypting it). If you use compression, you can lower bandwidth usage and speed up transfers. However, compression is risky and recommended against: see information on CRIME and BREACH attacks.
Extensions
The client can request additional functionality for the connection. This can be done via extensions such as supported groups for elliptic curve cryptography, point formats for elliptic curve cryptography, signature algorithms, and more. If the server cannot provide the additional functionality, the client may abort the handshake if needed.
Here’s what an actual Client Hello looks like in a Wireshark capture.
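The Client Hello fields described in Step 1, decoded from raw bytes. This is an added example, not code from the original article: the sample message is constructed, the function and class names are illustrative, and the cipher suite table is a small subset of the IANA registry. The parser also flags any compression method other than null, since the article notes that TLS compression is risky.

```python
import struct

# Subset of IANA code points, enough for the constructed sample below.
CIPHER_SUITES = {
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
COMPRESSION = {0: "null", 1: "DEFLATE"}


class Reader:
    """Bounds-checked cursor: every length field is validated before it is used."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated Client Hello")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint(self, n):
        return int.from_bytes(self.take(n), "big")

    def vector(self, length_bytes):  # length-prefixed field
        return self.take(self.uint(length_bytes))


def parse_client_hello(record):
    rec = Reader(record)
    if rec.uint(1) != 0x16:                 # record type 22 = handshake
        raise ValueError("not a handshake record")
    rec.take(2)                             # record-layer version
    msg = Reader(rec.vector(2))
    if msg.uint(1) != 0x01:                 # handshake type 1 = Client Hello
        raise ValueError("not a Client Hello")
    hello = Reader(msg.vector(3))
    version = (hello.uint(1), hello.uint(1))
    random = hello.take(32)
    session_id = hello.vector(1)
    suites = hello.vector(2)
    if len(suites) % 2:
        raise ValueError("odd cipher suite list length")
    codes = struct.unpack("!%dH" % (len(suites) // 2), suites)
    compression = list(hello.vector(1))
    extensions = []
    if hello.pos < len(hello.data):         # the extensions block is optional
        ext = Reader(hello.vector(2))
        while ext.pos < len(ext.data):
            ext_type = ext.uint(2)
            ext.vector(2)                   # skip the extension body
            extensions.append(ext_type)
    findings = ["client offers TLS compression (CRIME risk)"] if any(compression) else []
    return {
        "client_version": VERSIONS.get(version, "unknown %d,%d" % version),
        "client_random": random.hex(),
        "session_id": session_id.hex(),
        "cipher_suites": [CIPHER_SUITES.get(c, "0x%04X" % c) for c in codes],
        "compression_methods": [COMPRESSION.get(m, str(m)) for m in compression],
        "extension_types": extensions,
        "findings": findings,
    }


def build_sample_client_hello(compression=(0,)):
    """Constructed sample: TLS 1.2 hello, three suites, supported_groups extension."""
    suites = struct.pack("!3H", 0xC02B, 0xC02F, 0x009C)
    groups = struct.pack("!3H", 4, 0x001D, 0x0017)        # x25519, secp256r1
    extensions = struct.pack("!HH", 10, len(groups)) + groups
    hello = (b"\x03\x03" + bytes(range(32)) + b"\x00"     # version, random, empty session id
             + struct.pack("!H", len(suites)) + suites
             + bytes([len(compression)]) + bytes(compression)
             + struct.pack("!H", len(extensions)) + extensions)
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    print(parse_client_hello(build_sample_client_hello()))
```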
Step 2: Server Hello (Server → Client)
After the server receives the Client Hello, it replies with a Server Hello. A Server Hello may either contain selected options (from among those proposed during Client Hello) or it may be a handshake failure message.
Server Version
The server selects the preferred version of the SSL/TLS protocol from among those presented by the client.
Server Random
This is a 32-byte random number. The server random and the client random are later used to generate the encryption key.
In the original TLS 1.2 specification, the first 4 bytes were supposed to represent the current date and time of the client (in epoch format) and the remaining 28 bytes were supposed to be a randomly generated number (just like in the case of Client Random). However, IETF later recommended against it.
Session ID
If the client Session ID was not empty, the server searches for previously cached sessions and if a match is found, that session ID is used to resume the session. If the client Session ID was empty, a new session may be created by the server and sent in the server Session ID.
Cipher Suites
The server selects the cipher suite from among Cipher Suites sent in the Client Hello.
Compression Methods
The server selects the compression method from among Compression Methods sent in the Client Hello.
Step 3: Server Certificate (Server → Client)
The server now sends a signed TLS/SSL certificate that proves its identity to the client. It also contains the public key of the server.
Step 4: Client Certificate (Client → Server, Optional)
In rare cases, the server may require the client to be authenticated with a client certificate. If so, the client provides its signed certificate to the server.
Step 5: Server Key Exchange (Server → Client)
The server key exchange message is sent only if the certificate provided by the server is not sufficient for the client to exchange a pre-master secret. (This is true for DHE_DSS, DHE_RSA, and DH_anon).
Step 6: Server Hello Done (Server → Client)
The server sends this to the client to confirm that the Server Hello message is finished.
This is what a Server Hello looks like in a Wireshark capture.
Step 7: Client Key Exchange (Client → Server)
The Client Key Exchange message is sent right after the Server Hello Done is received from the server. If the server requests a Client Certificate, the Client Key Exchange is sent after that. During this stage, the client creates a pre-master key.
Pre-Master Secret
The pre-master secret is created by the client (the method of creation depends on the cipher suite) and then shared with the server.
Before sending the pre-master secret to the server, the client encrypts it using the server public key extracted from the certificate provided by the server. This means that only the server can decrypt the message since asymmetric encryption (key pair) is used for the pre-master secret exchange.
This is what the key exchange looks like in a Wireshark capture (using Diffie–Hellman).
Master Secret
After the server receives the pre-master secret key, it uses its private key to decrypt it. Now, the client and the server compute the master secret key based on random values exchanged earlier (Client Random and Server Random) using a pseudorandom function (PRF). A PRF is a function used to generate arbitrary amounts of pseudorandom data.
master_secret = PRF(pre_master_secret, "master secret", ClientHello.random + ServerHello.random) [0..47];
The master secret key, which is 48 bytes in length, will then be used by both client and server to symmetrically encrypt the data for the rest of the communication.
The client and the server create a set of 3 keys:
- client_write_MAC_key: Authentication and Integrity check
- server_write_MAC_key: Authentication and Integrity check
- client_write_key: Message encryption using symmetric key
- server_write_key: Message encryption using symmetric key
- client_write_IV: Initialization Vector used by some AEAD ciphers
- server_write_IV: Initialization Vector used by some AEAD ciphers
Both the client and the server use the master secret to generate the session keys, which are used to encrypt and decrypt data.
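The master secret formula and the key list above, carried through in code. This is an added example, not code from the original article: it implements the TLS 1.2 PRF from RFC 5246 with HMAC-SHA256, and the random values, the pre-master secret and the function names are constructed for illustration.

```python
import hashlib
import hmac


def p_sha256(secret, seed, length):
    """P_hash from RFC 5246 section 5: A(0) = seed, A(i) = HMAC(secret, A(i-1))."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret, label, seed, length):
    """TLS 1.2 PRF for cipher suites whose PRF hash is SHA-256."""
    return p_sha256(secret, label + seed, length)


def derive_master_secret(pre_master_secret, client_random, server_random):
    # The formula from the article: the first 48 bytes of the PRF output.
    return prf(pre_master_secret, b"master secret", client_random + server_random, 48)


def derive_session_keys(master_secret, client_random, server_random, mac_len, key_len, iv_len):
    """Expand the master secret and slice it in the order RFC 5246 section 6.3 defines."""
    layout = [
        ("client_write_MAC_key", mac_len), ("server_write_MAC_key", mac_len),
        ("client_write_key", key_len), ("server_write_key", key_len),
        ("client_write_IV", iv_len), ("server_write_IV", iv_len),
    ]
    # Seed order is reversed here: the server random comes first for key expansion.
    block = prf(master_secret, b"key expansion", server_random + client_random,
                sum(size for _, size in layout))
    keys, pos = {}, 0
    for name, size in layout:
        keys[name] = block[pos:pos + size]
        pos += size
    return keys


# Constructed sample values, not taken from a real capture.
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
PRE_MASTER_SECRET = b"\x03\x03" + bytes(46)   # RSA style: client version + 46 bytes

# (MAC key, cipher key, implicit IV) sizes in bytes for two suite families.
AES_128_GCM = (0, 16, 4)           # AEAD: no separate MAC key, 4-byte implicit nonce part
AES_128_CBC_SHA256 = (32, 16, 0)   # HMAC-SHA256 key, IV sent explicitly with each record


def handshake_keys(params):
    """Run both derivation steps the way each endpoint does after the key exchange."""
    master = derive_master_secret(PRE_MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM)
    return master, derive_session_keys(master, CLIENT_RANDOM, SERVER_RANDOM, *params)


if __name__ == "__main__":
    master, keys = handshake_keys(AES_128_GCM)
    print("master_secret", master.hex())
    for name, value in keys.items():
        print(name, len(value), value.hex())
```

Because both endpoints feed the same three inputs into the PRF, they arrive at identical keys without ever sending those keys over the wire. For an AEAD suite the two MAC keys are empty.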
Step 8: Client Change Cipher Spec (Client → Server)
At this point, the client is ready to switch to a secure, encrypted environment. The Change Cipher Spec protocol is used to change the encryption. Any data sent by the client from now on will be encrypted using the symmetric shared key.
This is what Change Cipher Spec looks like in a Wireshark capture.
Step 9: Client Handshake Finished (Client → Server)
The last message of the handshake process from the client signifies that the handshake is finished. This is also the first encrypted message of the secure connection.
Step 10: Server Change Cipher Spec (Server → Client)
The server is also ready to switch to an encrypted environment. Any data sent by the server from now on will be encrypted using the symmetric shared key.
Step 11: Server Handshake Finished (Server → Client)
The last message of the handshake process from the server (sent encrypted) signifies that the handshake is finished.
To recap, the following illustrates a typical handshake.
The TLS Handshake in TLS 1.3
In TLS 1.2 and earlier, the TLS handshake needed two round trips to be completed. The first round trip was the exchange of hellos and the second one was the key exchange and changing the cipher spec. In TLS 1.3, this process is streamlined and only one round trip is needed. TLS 1.3 also no longer supports TLS compression.
In TLS 1.3, when the client sends its hello, it immediately guesses the key agreement protocol that the server will most likely select. At the same time, it shares its key using the guessed protocol. The server’s hello message also contains the shared key, the certificate, and the server finished message. There is no need for cipher change because after the exchange of hellos both parties already have all that they need to encrypt communication.
Frequently asked questions
In a TLS connection, the client and the server first agree upon the version of TLS that they are going to use, which is the highest that both support. Then, they agree upon cipher suites that they are going to use. Finally, they establish a common key for encryption and the data transfer can begin.
TLS uses a mixture of symmetric and asymmetric encryption. First, it uses asymmetric encryption to establish a key, which is then used for symmetric encryption. TLS does not use asymmetric encryption for the entire process because symmetric encryption is much more efficient and once a secure key is established, the process is completely safe.
Cipher suites are sets of encryption algorithms. TLS can use many different encryption algorithms for different purposes. When a connection is established, the client and the server must exchange information about the algorithms that they support and select the best ones. A cipher suite always includes four different algorithms for four purposes: the key exchange algorithm, the authentication algorithm, the data encryption algorithm, and the Message Authentication Code (MAC) algorithm.
In TLS 1.3, the connection has been greatly simplified to make the process more efficient. It requires less time and data to establish, which can improve web server efficiency. TLS 1.3 also does not support TLS compression, which has been supported by TLS 1.2.
THE AUTHOR
Agathoklis Prodromou
Web Systems Administrator/Developer
Akis has worked in the IT sphere for more than 13 years, developing his skills from a defensive perspective as a System Administrator and Web Developer but also from an offensive perspective as a penetration tester. He holds various professional certifications related to ethical hacking, digital forensics and incident response.
FAQs
The client sends a "ClientHello" message, which lists the versions of SSL/TLS the client is capable of, what ciphersuites it has available, and any compression types available. The server responds with the same information as the client, and sends the server's certificate back to the client as well.
How do you fix a TLS problem?
How to troubleshoot TLS handshake issues
- Method #1: Update your system's date and time.
- Method #2: Fix your Browser's configuration to match the Latest TLS Protocol Support.
- Method #3: Check and Change TLS Protocols [in Windows]
- Method #4: Verify Your Server Configuration [to Support SNI]
What is the difference between a TLS connection and a TLS session?
The difference between a connection and a session is that a connection is a live communication channel, and a session is a set of negotiated cryptography parameters.
How TLS works step by step?
The client contacts the server using a secure URL (HTTPS…). The server sends the client its certificate and public key. The client verifies this with a Trusted Root Certification Authority to ensure the certificate is legitimate. The client and server negotiate the strongest type of encryption that each can support.
How do I establish a TLS connection?
TLS Security 5: Establishing a TLS Connection
- Step 1: Client Hello (Client → Server) ...
- Step 2: Server Hello (Server → Client) ...
- Step 3: Server Certificate (Server → Client) ...
- Step 4: Client Certificate (Client → Server, Optional) ...
- Step 5: Server Key Exchange (Server → Client) ...
- Step 6: Server Hello Done (Server → Client)
How do I check my TLS connection?
Enter the URL you wish to check in the browser. Right-click the page or select the Page drop-down menu, and select Properties. In the new window, look for the Connection section. This will describe the version of TLS or SSL used.
What causes TLS error?
A TLS/SSL handshake failure occurs if the protocol used by the client is not supported by the server either at the incoming (northbound) or outgoing (southbound) connection.
Why am I getting a TLS error?
An SSL/ TLS handshake error occurs when the client and server can't establish communication over the SSL/TLS protocol (usually due to a protocol mismatch).
Is TSL the same as SSL?
Transport Layer Security (TLS) is the successor protocol to SSL. TLS is an improved version of SSL. It works in much the same way as the SSL, using encryption to protect the transfer of data and information. The two terms are often used interchangeably in the industry although SSL is still widely used.
Is TLS the same as VPN?
In other words, IPsec VPNs connect hosts or networks to a protected private network, while SSL/TLS VPNs securely connect a user's application session to services inside a protected network. IPsec VPNs can support all IP-based applications. To an application, an IPsec VPN looks just like any other IP network.
Simply put, it's up to you. Most browsers will allow the use of any SSL or TLS protocol. However, credit unions and banks should use TLS 1.1 or 1.2 to ensure a protected connection. The later versions of TLS will protect encrypted codes against attacks, and keep your confidential information safe.
What are the two main protocols of TLS?
TLS is composed of two layers: a record protocol, which provides a secure connection; and a handshake protocol, which allows the server and client to authenticate each other before exchanging any data.
What are the 3 main security purposes of TLS?
The TLS protocol aims primarily to provide security, including privacy (confidentiality), integrity, and authenticity through the use of cryptography, such as the use of certificates, between two or more communicating computer applications.
How does TLS work between client and server?
During the TLS handshake, the TLS client and server agree an encryption algorithm and a shared secret key to be used for one session only. All messages transmitted between the TLS client and server are encrypted using that algorithm and key, ensuring that the message remains private even if it is intercepted.
How do you check if TLS 1.1 or 1.2 is enabled?
How to check if TLS 1.2 is enabled? If the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client\DisabledByDefault is present, the value should be 0.
Where is TLS certificate setup?
On the General tab, click Edit next to Certificate. In the Select Certificate dialog box, click the certificate from the list that you have bought for your Terminal Server Hostname. Click OK. In the Security layer list, select SSL: This security method requires TLS 1.0 to authenticate the server.
What port does TLS use?
TLS-encrypted web traffic is by convention exchanged on port 443 by default, while unencrypted HTTP uses port 80 by default. HTTPS remains an important use case for TLS.
What are the types of TLS?
There are three types of TLS certificates: Domain Validation (DV), Organization Validation (OV) and Extended Validation (EV).
How to implement SSL TLS?
Click SSL/TLS to enable SSL/TLS between the server and GUI. After setting up the certificate files, click Config to specify the path for key store and truststore files. File that contains the private keys and matching key certificates used for SSL and TLS sessions.
How do I update TLS settings?
The following tasks are needed for enabling TLS 1.2 on the site servers and remote site systems:
- Ensure that TLS 1.2 is enabled as a protocol for SChannel at the operating system level.
- Update and configure the . ...
- Update SQL Server and client components.
- Update Windows Server Update Services (WSUS)
In the Internet Options window on the Advanced tab, under Settings, scroll down to the Security section. In the Security section, locate the Use SSL and Use TLS options and uncheck Use SSL 3.0 and Use SSL 2.0. If they are not already selected, check Use TLS 1.0, Use TLS 1.1, and Use TLS 1.2.
Can firewall block TLS?
SSL Control – As this refers to traffic (other than DPI-SSL decrypted sessions) passing through the firewall, the firewall blocks any TLS connection between origin client and origin server that uses/negotiates Cipher X.
What does it mean to enable TLS?
By enabling client and server applications to support TLS, it ensures that data transmitted between them is encrypted with secure algorithms and not viewable by third parties. Recent versions of all major web browsers currently support TLS, and it is increasingly common for web servers to support TLS by default.
Could not establish a secure SSL TLS connection to the requested server host?
The “Could not establish trust relationship for the SSL/TLS secure channel with authority” error means your browser doesn't trust the website. The most common reason is that the browser cannot verify the site's SSL certificate, meaning that it can't confirm its identity.
How do I find my TLS version on Windows Server?
Click Start or press the Windows key. In the Start menu, either in the Run box or the Search box, type regedit and press Enter. The Registry Editor window should open and look similar to the example shown below. Check the subkeys for each SSL/TLS version for both server and client.
Which is more secure SSL or TSL?
There is no question that TLS is better than SSL. In large part due to known security vulnerabilities, SSL is deprecated. Thus, SSL in 2019 and beyond is not a completely secure protocol. Instead, you should use TLS, the more modern version of SSL.
Does TLS require a certificate?
An SSL/TLS web connection requires a TLS/SSL certificate but that certificate can be signed by anyone. It can even be self-signed (signed by the entity that created the certificate).
Can you use TLS without a certificate?
Without an SSL certificate, a website's traffic can't be encrypted with TLS. Technically, any website owner can create their own SSL certificate, and such certificates are called self-signed certificates.
Is TLS a firewall?
A firewall permits specific types of traffic while blocking unwanted traffic. TLS ensures that data exchanged between hosts is encrypted, so eavesdropping is not possible. A firewall won't encrypt traffic between nodes, and TLS won't stop unwanted traffic from reaching nodes.
Is TLS on server or client?
Client certificates tend to be used within private organizations to authenticate requests to remote servers. Whereas server certificates are more commonly known as TLS/SSL certificates and are used to protect servers and web domains.
Transport Layer Security (TLS) is the most widely used protocol for implementing cryptography on the web. TLS uses a combination of cryptographic processes to provide secure communication over a network. This section provides an introduction to TLS and the cryptographic processes it uses.
Is TLS always HTTPS?
HTTPS (Hyper Text Transfer Protocol Secure) is the secure version of HTTP where communications are encrypted by SSL/TLS. HTTPS uses TLS (SSL) to encrypt normal HTTP requests and responses, making it safer and more secure.
Should I use DNS over TLS or HTTPS?
DNS over TLS requests uses a distinct port, so anyone who's on the network level can find and even block them. DNS over HTTPS requests can stay hidden in encrypted traffic. DNS over TLS is a good option when the user doesn't want to deal with the clients, which are provided by DNS referrers/forwarders.
Why is TLS replacing SSL?
Yes, TLS is replacing SSL. And yes, you should use TLS instead of SSL. As you learned above, both public releases of SSL are deprecated in large part because of known security vulnerabilities in them. As such, SSL is not a fully secure protocol in 2019 and beyond.
What is an example of TLS?
Common applications that employ TLS include Web browsers, instant messaging, e-mail and voice over IP.
Is TLS layer 4 or layer 5?
Because TLS operates at Layers 4 through 7 of the OSI model, as opposed to Layer 3, which is the case with IPsec, each application and each communication flow between client and server must establish its own TLS session to gain authentication and data encryption benefits.
How many layers are in TLS?
The TLS and SSL protocols can be divided into two layers. The first layer consists of the application protocol and the three handshaking protocols: the handshake protocol, the change cipher spec protocol, and the alert protocol. The second layer is the record protocol.
Which protocols use TLS?
SSL and TLS are commonly used by web browsers to protect connections between web applications and web servers. Many other TCP-based protocols use TLS/SSL as well, including email (SMTP/POP3), instant messaging (XMPP), FTP, VoIP, VPN, and others.
How do I enable TLS on server?
Method 1 : Enable TLS 1.2 and TLS 1.3 manually using Registry
- Open regedit utility. ...
- Create New Key. ...
- Rename the Registry Key 'TLS 1.2' ...
- Create One More Registry Key 'Client' underneath 'TLS 1.2' ...
- Create New Item 'DWORD (32-bit) Value' Underneath 'Client', select 'New'
How do I enable TLS 1.2 on clients?
There are three tasks for enabling TLS 1.2 on clients:
- Update Windows and WinHTTP.
- Ensure that TLS 1.2 is enabled as a protocol for SChannel at the operating system level.
- Update and configure the .NET Framework to support TLS 1.2.
SSL and TLS use a combination of symmetric and asymmetric encryption to ensure message privacy. During the SSL or TLS handshake, the SSL or TLS client and server agree an encryption algorithm and a shared secret key to be used for one session only.
How does TLS server authentication work?
How TLS provides authentication. For server authentication, the client uses the server's public key to encrypt the data that is used to compute the secret key. The server can generate the secret key only if it can decrypt that data with the correct private key.
How is data sent using TLS?
TLS uses encryption to ensure privacy, so that other parties can't eavesdrop or tamper with the messages being sent. Using TLS, a secure connection is established by authenticating the client and server, or User Agent Client and User Agent Server, and then encrypting the connection between them.
What does TLS certificate provide?
An SSL/TLS certificate is a digital object that allows systems to verify the identity & subsequently establish an encrypted network connection to another system using the Secure Sockets Layer/Transport Layer Security (SSL/TLS) protocol.
How can I tell if TLS is enabled on my server?
How to identify if an SSL/TLS protocol is enabled/disabled
- Click Start or press the Windows key.
- In the Start menu, either in the Run box or the Search box, type regedit and press Enter. ...
- Navigate to follow the registry path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols.
What is TLS security settings?
The Transport Layer Security protocol, also known as TLS, is used to encrypt data transfer over the Internet. TLS is primarily used to encrypt communications between servers and applications, but it is also used in encrypting emails, messages, etc.
How do I generate a TLS certificate and key?
Procedure
- Write down the Common Name (CN) for your SSL Certificate. ...
- Run the following OpenSSL command to generate your private key and public certificate. ...
- Review the created certificate: ...
- Combine your key and certificate in a PKCS#12 (P12) bundle: ...
- Validate your P2 file. ...
- In the Cloud Manager, click. ...
- Select TLS.
How do I verify my TLS certificate?
It's a three part process to confirm the integrity of a key pair:
- Verify the integrity of a private key - that has not been tampered with.
- Verify the modulus of both private and public key match.
- Successfully perform encryption with public key from certificate and decryption with private key.
How do I get TLS certificate?
How do I get an SSL certificate? TLS/SSL certificates are issued by trusted Certificate Authorities like DigiCert. You can purchase a TLS/SSL certificate from DigiCert at order.digicert.com or by logging into the CertCentral certificate management platform and creating a profile.
How do I check my TLS certificate?
Here's how to do it.
- Open Chrome Developer Tools. The quickest way there is with a keyboard shortcut. Windows and Linux: Ctrl + Shift + i or F12. Mac: ⌘ + Option + i. ...
- Select the Security tab. If it is not shown, select the >> as shown below.
- Select View Certificate.
To test that your SSL/TLS configuration works correctly, you can use self-signed certificates. Self-signed certificates are useful in test scenarios so that you can ensure SSL/TLS connectivity without paying a Certificate Authority (CA) for a certificate. See Creating test certificates for details.
Do I have TLS enabled?
In the Windows menu search box, type Internet options. Under Best match, click Internet Options. In the Internet Properties window, on the Advanced tab, scroll down to the Security section. Check the Use TLS 1.2 checkbox.
Is TLS enabled by default?
TLS 1.2 is enabled by default at the operating system level.