What is an SSL handshake?

What is an SSL handshake?

This is an interview with one of the world's leading experts on Web security, Mark 'JT' Thomas.

JT has written a book, Web Security: From Attack to Defense (John Wiley & Sons, 2011) and has lectured at hundreds of colleges and universities around the world. He also runs a company called SecureData that develops cutting-edge SSL and OpenID-specific security tools. I first met JT on a sunny day in June in the heart of Silicon Valley, and over the course of several hours, we covered a wide array of topics from the history of SSL to how HTTPS websites become popular, to what makes JT a good lecturer, to how not to be scammed by some scammer who claims to be from John Doe Software.

What inspired you to start teaching and writing about Web security? I got into this whole business back in the late 90s when Netscape 1.0 was released and they were introducing these weird new 'secure' versions. For someone like me who was really into networking, this was all great stuff - but I had no clue how to protect my communications on the Internet. I remember one time a friend of mine called me up to tell me he was sending messages from someone who had gotten my IP address and username, was pretending to be me, and was asking me if I had a credit card. I was absolutely floored and wanted to know how I could secure my online communications. The first Web site I created was for 'The Unsafe Forum' where I just taught people to protect their privacy, and to use strong passwords that are hard to guess. Later on, when Web 2.0 started to come around, I realized that as much as everyone says it's the greatest thing ever, they're completely oblivious to the fact that once you're on the Internet, you have no idea who you're communicating with. There are over 2 million Web sites on the Internet, many of which use no encryption at all. That's why I got into this business.

Why do you think the term 'Web Security' is important for Internet users? 'Web Security' is a vague term.

What is TCP and SSL?

What You Will Need in the Start

The first thing that you will need to understand is a fundamental fact about how the Internet works; which is that its most important job is not to transport or route data.

The most important part of the Internet, from which the name Internet originates, is a communication protocol known as TCP/IP or Transmission Control Protocol/Internet Protocol. When you look at a picture, it's the pixels, the lines and the shades that makes it interesting; similarly, TCP/IP is the software code which is responsible for sending files across the world to each other at incredibly fast speeds.

TPCIP is a seven-layer protocol (4 in theory) used for transferring information over networks. It has the ability to carry out complex functions. For example, to send data over the internet, you can use the TCP/IP connection if you want data to be sent at a maximum rate of 1gbps. In the case of voice or video streaming, an additional technology must be used like STUN, SIP (the Session Initiation Protocol) and RTP (real time transmission protocol). Each layer has specific functions that it fulfills. Below is an outline of the seven layers, from top to bottom:

TCP Transport Control Protocol:This is the uppermost layer of the TCP protocol. It provides reliable data delivery.

IP Internet Protocol:This layer is the backbone of the network, which contains IP packets in many cases. This layer is responsible for routing traffic and creating datagrams, which is then handed over to the next layer.

UDP User Datagram Protocol:This is a type of transport layer protocol and it is used to deliver a large amount of data in the Internet for various applications and uses such as file transfer, chatting, audio and video streaming, email, gaming and browsing the internet etc. ICMP Internet Control Message Protocol:This is a standard protocol which works with networking protocols. It is used to monitor and maintain network services as well as to provide error reports.

ESP Encapsulating Security Payload:Specially developed for Internet security purposes, this protocol was introduced by RSA in 1993. It allows for security enhancements in data encryption in the packet.

TCP SYN, SYN/ACK

What is the difference between TCP and SSL handshake?

The answer seems obvious: for a client there's a TCP handshake and a SSL handshake.

When you see some website having the https protocol your browser usually does not care about what is there after the http:// prefix, but has to perform the TCP and SSL handshakes in order to be able to do something useful with the content.

The TCP handshake is only needed when you're talking on an ordinary TCP socket (think of a plain TCP socket as a plain TCP socket) and it's used by the client to know the parameters of the connection (namely the port number and the IP address). After a successful TCP handshake the client is able to talk to the server on that specific port over the established connection.

The SSL handshake is used to allow the client to identify the server when it presents its certificate to it. Is this true? Why there are both of them? For SSL/TLS it's true. For TCP it's not entirely true. A TCP socket has two states: listening and connected. When the client wants to open a TCP connection it uses the connect() function. This is not the same as an SSL handshake. What it does is that it sets up the socket to listen for a connection. It tells the kernel to wait until a remote host is ready to connect to it and then it gives it the address and port number of that remote host. The kernel then tells the client that the connection is set up, so the client can talk to the remote host. The remote host can now use the socket to talk back to the client.

At this point the connection is ready to accept incoming connections, but the socket has not yet become connected, so the client has not yet agreed on the parameters of the connection. The client needs to start sending and receiving data through the socket. If it sends something to the remote host, the remote host sends something back to the client. When the client acknowledges it receives the data it changes state from listening to connected. At this point both client and remote host are done setting up their own TLS session and they can start communicating.

If the client has to send data using the underlying TCP socket it has to close the socket first to ensure that the remote host knows the connection is not terminated. If the client starts sending data using a TLS connection it cannot close the TCP connection until the remote host acknowledges the message it just received.

Related Answers

All cells fall into one of the three domains of life, Bacteria, Archaea, and Eukarya. In the space below, describe any two similarities and any two differences between the cells of Bacteria and the cells of Archaea.

All cells fall into one of the three domains of life, Bacteria, Archaea, and Eukarya. In the space below, describe any two similarities and any two differences between the cells of Bacteria and the cells of Archaea.

We are talking about the Earth's three dif...

What is a TLS handshake?

What is a TLS handshake?

Enter your email address, and a link to reset your password will be emaile...

What are the cryptography types symmetric and asymmetric?

What are the cryptography types symmetric and asymmetric?

Symmetric: Symmetric encryption is encryption whe...