
How Does SSL/TLS Work? 
What Is An SSL/TLS Handshake?

SSL/TLS are protocols used for encrypting information between two points. This is usually between a server and a client, but there are times when server-to-server and client-to-client encryption are needed. This article focuses only on the negotiation between server and client.

The Standard SSL Handshake

The following is a standard SSL handshake when the RSA key exchange algorithm is used:

1.  Client Hello

The client sends information that the server needs to communicate with the client using SSL. This includes the SSL version number, cipher settings, and session-specific data.

2.  Server Hello

The server sends the information needed to communicate with the client using SSL. This includes the SSL version number, cipher settings, and session-specific data.

3.  Authentication and Pre-Master Secret

The client authenticates the server certificate (e.g. Common Name / Date / Issuer). The client (depending on the cipher) creates the pre-master secret for the session, encrypts it with the server's public key, and sends the encrypted pre-master secret to the server.

4.  Decryption and Master Secret

The server uses its private key to decrypt the pre-master secret. Both server and client perform steps to generate the master secret with the agreed cipher.

5.  Encryption with Session Key

Both client and server exchange messages to inform each other that future messages will be encrypted.

 

 
