Networking

Q) How does HTTPS work?

  1. Client sends a Client Hello to the server stating the TLS version, the cipher suites it supports for the symmetric encryption used once the handshake completes, and a random value (the client random) that will later be used to generate the symmetric session key.

    [Client Hello]
    TLS Version: 1.2
    Supported Ciphers:
    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    - ... (many more)
    Client Random: 341E34E8A5BF01F9...
    
  2. Server responds with the chosen cipher suite and sends its own random value (the server random) back to the client. Both the client random and the server random will be used to generate the symmetric session key in the later steps.

    [Server Hello]
    TLS Version: 1.2
    Chosen Cipher: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    Server Random: 852E9B34A9CD2B4..
    

    Server also sends its certificate, which contains its public key - the client will use this public key for encryption. The certificate also identifies the key's algorithm, i.e. how a message is to be encrypted with it. Messages encrypted with this public key can only be decrypted with the server's private key. Client validates the certificate by checking the certificate chain up to a trusted root CA (and that the Subject matches the hostname it connected to) to find out whether the certificate is legitimate.

    [Certificate]
    ...
    Subject: example.com
    Issuer: DigiCert Inc.
    Public Key:
    -----BEGIN PUBLIC KEY-----
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA...
    -----END PUBLIC KEY-----
    ...
    
  3. Client now holds both the client random and the server random. Using these, the client generates a pre-master secret, encrypts it with the server's public key, and sends it to the server.

    [Client Key Exchange]
    Encrypted Pre-Master Secret: 91AB7C56... (unreadable without the server's private key)

  4. Server decrypts the pre-master secret with its private key. Both sides then derive the master secret from the pre-master secret together with the client and server randoms, and the rest of the communication is encrypted/decrypted with keys derived from that master secret. Note that an RSA-encrypted pre-master secret belongs to the RSA key-exchange suites; with an ECDHE suite such as the one chosen above, the pre-master secret is instead the shared secret of an ephemeral Diffie-Hellman exchange that the server signs with its private key, which is what gives the session forward secrecy.
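The key derivation that steps 1 to 4 lead up to, as an added example that is not part of the original notes: the TLS 1.2 PRF from RFC 5246 turns the pre-master secret plus the client and server randoms into the 48-byte master secret, and then expands the master secret into the per-direction traffic keys. The client random, server random and pre-master secret below are constructed sample values, not captured from a real handshake, and the cipher-suite parameters are those of the TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 suite chosen in the Server Hello above (an AEAD suite with no separate MAC key, a 32-byte key, a 4-byte fixed IV, and SHA-384 as the PRF hash). Whether the pre-master secret arrives RSA-encrypted or comes out of an ECDHE exchange, the derivation from this point on is the same.

```python
import hmac
import hashlib

# Added example: TLS 1.2 master secret and traffic key derivation (RFC 5246 sections 5, 6.3, 8.1).
# All input values below are constructed for illustration, not taken from a real session.


def p_hash(secret: bytes, seed: bytes, length: int, hash_name: str) -> bytes:
    """P_hash(secret, seed) = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ...
    with A(0) = seed and A(i) = HMAC(secret, A(i-1)), truncated to `length` bytes."""
    out = bytearray()
    a = seed  # A(0)
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()            # A(i)
        out += hmac.new(secret, a + seed, hash_name).digest()  # next output block
    return bytes(out[:length])


def prf(secret: bytes, label: bytes, seed: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """TLS 1.2 PRF: PRF(secret, label, seed) = P_<hash>(secret, label + seed).
    The hash is the one named by the cipher suite (SHA-384 for ..._AES_256_GCM_SHA384)."""
    return p_hash(secret, label + seed, length, hash_name)


def derive_master_secret(pre_master_secret: bytes, client_random: bytes,
                         server_random: bytes, hash_name: str = "sha256") -> bytes:
    """master_secret = PRF(pre_master_secret, "master secret",
                           ClientHello.random + ServerHello.random)[0..47]"""
    return prf(pre_master_secret, b"master secret", client_random + server_random, 48, hash_name)


def derive_traffic_keys(master_secret: bytes, client_random: bytes, server_random: bytes,
                        mac_key_len: int, enc_key_len: int, fixed_iv_len: int,
                        hash_name: str = "sha256") -> dict:
    """key_block = PRF(master_secret, "key expansion", server_random + client_random),
    sliced in the order client MAC, server MAC, client key, server key, client IV, server IV.
    Note the randoms are concatenated server-first here, the reverse of the master secret step."""
    total = 2 * (mac_key_len + enc_key_len + fixed_iv_len)
    block = prf(master_secret, b"key expansion", server_random + client_random, total, hash_name)
    names = ["client_write_MAC_key", "server_write_MAC_key",
             "client_write_key", "server_write_key",
             "client_write_IV", "server_write_IV"]
    sizes = [mac_key_len, mac_key_len, enc_key_len, enc_key_len, fixed_iv_len, fixed_iv_len]
    keys, offset = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = block[offset:offset + size]
        offset += size
    return keys


# Constructed sample values (not from a real handshake):
# - ClientHello.random and ServerHello.random are 32 bytes each.
# - An RSA pre-master secret is 48 bytes: 2 version bytes (0x0303 = TLS 1.2) + 46 random bytes.
CLIENT_RANDOM = bytes(range(0x00, 0x20))
SERVER_RANDOM = bytes(range(0x20, 0x40))
PRE_MASTER_SECRET = b"\x03\x03" + bytes(range(0x40, 0x40 + 46))

# TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: AEAD suite, so no separate MAC key;
# 32-byte AES-256 key; 4-byte fixed IV (RFC 5288); PRF hash SHA-384.
SUITE_PARAMS = dict(mac_key_len=0, enc_key_len=32, fixed_iv_len=4, hash_name="sha384")


def demo():
    """Run the derivation end to end on the constructed values and return (master_secret, keys)."""
    master = derive_master_secret(PRE_MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM,
                                  SUITE_PARAMS["hash_name"])
    keys = derive_traffic_keys(master, CLIENT_RANDOM, SERVER_RANDOM, **SUITE_PARAMS)
    return master, keys


if __name__ == "__main__":
    master, keys = demo()
    print("master_secret:", master.hex())
    for name, value in keys.items():
        print(f"{name}: {value.hex() or '(none: AEAD suite)'}")
```

Two details worth noticing when running it: the order of the randoms flips between the two derivations (client-first for the master secret, server-first for key expansion), and picking the wrong PRF hash for the suite silently produces a different, non-interoperable master secret, which is why the hash suffix in the suite name matters as much as the cipher.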