Bobcares

TLS Handshake Cloudflare | An Introduction

by | Aug 21, 2022

Through the TLS handshake, Cloudflare’s TLS encryption technology encrypts Internet connections and ensures information security. At Bobcares, with our Server Management Service, we handle your TLS/SSL-related issues, large or small.

TLS Handshake

TLS is an encryption protocol that uses the TLS handshake process to secure Internet communications. During a TLS handshake, the two communicating sides (client and server) exchange messages to acknowledge each other, verify each other, agree on session keys, and establish the encryption algorithms they will use.

A TLS handshake occurs when:

  • A user navigates to a website over HTTPS and the browser first begins to query the website’s origin server.
  • Other communications use HTTPS, including API calls and DNS over HTTPS queries.

Working Of TLS Handshake On Cloudflare

During a TLS handshake, the client and server jointly decide which TLS version and which cipher suite (a set of encryption algorithms for establishing a secure communications connection) to use. The client also verifies the server’s identity using the server’s public key and the digital signature of the SSL certificate authority. Finally, session keys are generated so that the client and server can use symmetric encryption once the handshake is complete.

The client and server then derive the same session keys independently from the random data they exchange. Three kinds of randomly generated data are involved:

  1. The random string of bytes that the client sends to the server (client random).
  2. The random string of bytes that the server sends to the client (server random).
  3. A string of data that the client generates and sends to the server, encrypted with the public key (premaster secret).

A TLS handshake uses asymmetric encryption to protect the server’s identity against impersonation, or to let the server digitally “sign” one of its messages so that the client can be sure the server is who it says it is. The client uses the public key to decrypt data that the server has encrypted with its private key, which demonstrates that the server possesses the right key and can be trusted.

TLS Handshake, A Step By Step Process.

The following are the steps involved in a TLS handshake:

  1. The ‘client hello’ message: The client initiates the handshake by sending a “hello” message to the server.
  2. The ‘server hello’ message: In reply to the client’s hello message, the server sends a reply message.
  3. Authentication: In this step, the client confirms the identity of the server.
  4. The premaster secret: The client sends one more random byte string, known as the “premaster secret.” It is encrypted with the public key, so only the server can decrypt it, using the private key.
  5. The private key used: The server decrypts the premaster secret.
  6. Session keys created: Client and server both produce session keys from the premaster secret, client random, and server random. Both sides must arrive at the same results.
  7. The client is ready: The client sends a “finished” message that is encrypted with a session key.
  8. The server is ready: The server sends a “finished” message encrypted with a session key.
  9. Secure symmetric encryption achieved: The handshake is complete, and communication continues using the session keys.

Although every TLS handshake uses asymmetric encryption, not every handshake uses the private key to create the session keys; an ephemeral Diffie-Hellman handshake is one example.
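Step 6 can be made concrete with the key derivation that TLS 1.2 defines in RFC 5246. The following is an added example, not code from the original article or from Cloudflare: it assumes TLS 1.2 with an AES-128-GCM cipher suite and the SHA-256 PRF, the function names are our own, and the public-key encryption of the premaster secret is left out.

```python
import hashlib
import hmac
import os


def p_sha256(secret, seed, length):
    """P_hash from RFC 5246 section 5, using HMAC-SHA256."""
    out, a = b"", seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret, label, seed, length):
    """TLS 1.2 PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def derive_session_keys(premaster, client_random, server_random):
    """Derive the master secret and the AES-128-GCM key block (assumed suite)."""
    master = prf(premaster, b"master secret", client_random + server_random, 48)
    # The key expansion seed puts the server random first (RFC 5246 section 6.3).
    block = prf(master, b"key expansion", server_random + client_random, 40)
    return {
        "master_secret": master,
        "client_write_key": block[0:16],
        "server_write_key": block[16:32],
        "client_write_iv": block[32:36],
        "server_write_iv": block[36:40],
    }


def handshake_demo():
    """Run both sides with constructed random values; True if the keys match."""
    client_random = os.urandom(32)            # sent in the client hello
    server_random = os.urandom(32)            # sent in the server hello
    premaster = b"\x03\x03" + os.urandom(46)  # protocol version + 46 random bytes
    # In a real handshake the premaster secret travels encrypted with the
    # server's public key; here the server is assumed to have decrypted it.
    client_keys = derive_session_keys(premaster, client_random, server_random)
    server_keys = derive_session_keys(premaster, client_random, server_random)
    return client_keys == server_keys


if __name__ == "__main__":
    print("client and server derived identical keys:", handshake_demo())
```

Because both random values feed the derivation, a recorded handshake replayed against a server that picks a fresh server random produces different session keys.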


Conclusion

We have seen a detailed explanation of the TLS handshake process by our Support team in this article, along with a step-by-step breakdown.
