How HTTPs works
1.
Client make tcp
connection on destination port 443
2.
Ssl handshake process starts once tcp connection is established
a. Browser send the
CLIENT HELLO message
i. It contains
information like
1.
Highest version
of SSL supported by browser
2.
Compression
method that it supports
3.
Suite of cipher
it can user for encryption
4.
And random data
which can later use when generating symmetric key for session.
b.
Server response
with SERVER HELLO
It contains
1.
SSL version used
for session
2.
Cipher and
compression method that will be used
3.
Session id for
ssl session
4.
Random data used
for key generation process.
c.
Server then send
Digital certificate singed by CA
It serves for two purposes
1.
It contain public
key so that browser can use key to encrypt sent to server it can optionally
send chain of certificate beginning with certificate of authority that issued
the server certificate.
2.
It established
the identity of the server from which the web page is coming.
d.
Server sends
SERVER HELLO DONE message
e.
Browser respond
by sending CERTIFICATE VERIFY message that it has verified the certificate
f.
Browser then
sends CHANGE CIPHER SPEC command to server telling it now on data send to
server will be encrypted.
g.
After that
browser send FINISHED MESSAGE. This contains digest of message exchanged
between browser and server till now. This is done to ensure that none of the
information exchanged earlier is tampered during transit.
h.
Server responds
with CHANGE CIPHER SPEC message hinting browser that now on data send by server
will be encrypted.
i.
Server sends
FINISHED MESSAGE containing digest of all message between browser and server.
j.
Now we consider
SSL handshake to be complete
3.
Browser generate
symmetric secret key just to be used for this ssl session. It encrypt generated
key using public key of the serve and send it across to the server. This key
remains secret with browser and server.
Note: Reason for using symmetric key is
encryption and decryption using symmetric key is lighter then asymmetric key.