Understanding the TLS 1.2 Handshake Process: Secure Your Online Connections

When you visit a website or make an online purchase 🛍️, your personal information travels across the internet 🌐. But how do you ensure that this information is safe from hackers or unwanted eyes 🔒? The answer is TLS 1.2 handshake, a process that creates a secure connection between your browser and the website you are connecting to.

In this blog, we will explain how the TLS 1.2 handshake works in simple terms and why it is important for your online security. 🔑

TLS vs. SSL handshakes

SSL, or Secure Sockets Layer, was the original security protocol developed for HTTP 🌐. SSL was replaced by TLS, or Transport Layer Security, some time ago. SSL handshakes are now called TLS handshakes, although the “SSL” name is still in wide use.

What is the TLS 1.2 Handshake?

The TLS 1.2 handshake is a security process 🔐that happens every time your browser connects to a secure website (indicated by HTTPS). The handshake makes sure that the connection is safe and that your data cannot be intercepted or altered by anyone🚫.

Here are the main steps involved in the TLS 1.2 handshake:

Step 1: ClientHello – Starting the Conversation 👋💬

When a client (your browser) attempts to initiate a secure connection to a server(website), it sends a ClientHello message. This message includes:

• TLS Version Support: Lists the versions of TLS (e.g., TLS 1.2, TLS 1.3) the client supports. The server will choose the highest version it also supports.
• Cipher Suites: A list of cryptographic algorithms (like AES, RSA, etc.) the client is willing to use. These cipher suites define the encryption and hashing methods to ensure data security during communication.
• Random Data: The client generates random data that will be used later to create keys.
• Session ID: If the client has a cached session with the server, it can propose the session ID to resume a previous session and save time in future handshakes.

The message essentially establishes the supported methods and capabilities, initiating the negotiation for a secure connection.

---

Step 2: ServerHello – The Server Responds 🖥️🤝

In response to ClientHello, the server replies with a ServerHello message. This message includes:

• Chosen TLS Version: The server picks the highest TLS version both the client and the server support.
• Chosen Cipher Suite: From the list of cipher suites provided by the client, the server selects one that it supports and is capable of using. This selection is crucial for ensuring the encryption method is mutually agreed upon.
• Server Random Data: The server also sends random data, which will be used along with the client’s random data to generate key material later.
• Session ID: If the server has an existing session with the client, it may send the session ID to resume the session without starting a full handshake.

This exchange establishes the terms for encryption and identifies the parameters for the secure connection.

---

Step 3: Server Sends its Digital Certificate 📜🔏

The server then sends its digital certificate to the client. This certificate contains:

• Server’s Public Key: This key will be used by the client to encrypt the premaster secret (a critical part of the handshake process).
• Issuer Information: Identifies the Certificate Authority (CA) that issued the certificate, establishing trust in the server’s identity.
• Validity Period: The certificate’s start and end dates.
• Subject Information: Details of the server, such as the domain name it represents.
• Digital Signature: The certificate is signed by the Certificate Authority (CA) to prove its authenticity.

The certificate ensures that the client is communicating with the intended server and not an imposter.

---

Step 4: Client Verifies the Server’s Certificate ✅🔒

Upon receiving the server’s certificate, the client:

• Checks the Validity: Verifies if the certificate is within its validity period and if it has been revoked.
• Authenticates the Issuer: Ensures that the certificate is signed by a trusted Certificate Authority (CA).
• Checks the Domain Name: Confirms that the certificate matches the server’s domain name.
• Establishes Trust: If all checks are valid, the client trusts the server’s identity and continues the handshake. Otherwise, it may display a warning or abort the connection.

This step prevents man-in-the-middle (MITM) attacks by ensuring the server’s legitimacy.

---

Step 5: Premaster Secret – Sharing a Secret Key 🗝️🔐

To securely establish a session key, the client generates a premaster secret (a random value) and encrypts it with the server’s public key, obtained from the server’s certificate.

• Encryption: The client encrypts the premaster secret using the server’s public key. Only the server can decrypt this secret using its private key.
• Sending the Secret: The encrypted premaster secret is sent back to the server.

The server, upon receiving the encrypted premaster secret, uses its private key to decrypt it.

---

Step 6: Creating the Session Key 🔑🔑

After both the browser and the server have the same premaster secret (which is a special key they both share), they each use this secret along with two random numbers (one from the browser and one from the server) to create the session key.

Here’s how it works:

1. Premaster Secret: The premaster secret is the starting point. It is like a base secret that both the browser and server know.
2. Client Random and Server Random: Both the browser and the server generated random numbers earlier in the handshake (called client random and server random). These random numbers help in making the session key more secure and different each time.
3. Key Derivation: Using the premaster secret and both random numbers, the browser and server each apply a special mathematical formula. This formula combines the premaster secret with the client and server random values to generate the same session key.
4. Session Key: The result of this process is a session key, which is a unique key that will be used to encrypt and decrypt the messages exchanged during the session. Both the browser and server will use this key to keep the data safe from others.

So, the session key is created by mixing the premaster secret with the random numbers, ensuring that only the browser and server can create the same key and communicate securely.

---

Step 7: Secure Communication 🛡️

After the session key is established, the handshake concludes, and secure communication begins. Both the client and server:

• Exchange Finished Messages: The client and server exchange “Finished” messages, which are cryptographically hashed and include a checksum of the handshake messages to verify integrity.
• Data Encryption: From this point onward, all data exchanged between the client and server is encrypted using the session key. This ensures that sensitive information, such as passwords or payment details, remains private and secure.

This step marks the establishment of a fully encrypted communication channel, and the server and client can now exchange data securely.

---

Why the TLS 1.2 Handshake Matters

The TLS 1.2 handshake is important because it:

• Authenticates the server and ensures you are not connecting to a fake website.
• Encrypts the data, making sure no one can read it while it travels across the internet.
• Protects the integrity of the data, meaning it cannot be changed or tampered with during transmission.

Without the TLS 1.2 handshake, your sensitive information could be exposed to hackers.

Final Thoughts on TLS 1.2 Handshake

Now that you understand how the TLS 1.2 handshake works, you can feel more confident about the security of your online activities. Every time you make an online purchase, log into your email, or check your bank account, the TLS 1.2 handshake is there, protecting your data.

If you want to see the TLS handshake diagram or analyze the handshake process using Wireshark, you can dig deeper into how this secure process happens in real-time.

What is different about a handshake in TLS 1.3?

TLS 1.3 is much better for security and speed. It removes old, weak methods like RSA that can be easily attacked. The handshake process is faster, which makes connecting quicker and safer. Overall, it’s a good update because it keeps things secure and improves speed for users.

If you want to understand more about the TLS 1.3 handshake, have a look at our blog here.