SSL 3.0 Handshake
When an SSL client connects to an SSL server, the SSL Handshake begins. The SSL Handshake establishes the protocols that will be used during the communication, selects the cryptographic algorithms, authenticates the parties, and uses public key cryptography to create a master secret, from which encryption and authentication keys are derived.
The master secret for the SSL session is created by the server using a premaster secret sent from the client.
The master secret is used to generate four more secrets (keys):
An encryption key used for sending data from the client to the server.
An encryption key used for sending data from the server to the client.
An authentication key used for sending data from the client to the server.
An authentication key used for sending data from the server to the client.
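The derivation described above, as an added example (not code from the book): it follows the SSL 3.0 specification (RFC 6101), turning a premaster secret into the master secret and then cutting the key block into the four keys. The key sizes (16-byte MAC and cipher keys, as in an RC4-128/MD5 suite) and all sample values are assumptions constructed for illustration.

```python
import hashlib

def _ssl3_expand(secret: bytes, seed: bytes, length: int) -> bytes:
    """SSL 3.0 expansion: concatenate MD5(secret + SHA1(label + secret + seed))
    for labels 'A', 'BB', 'CCC', ... until enough bytes are produced."""
    out = b""
    i = 0
    while len(out) < length:
        label = bytes([ord("A") + i]) * (i + 1)
        inner = hashlib.sha1(label + secret + seed).digest()
        out += hashlib.md5(secret + inner).digest()
        i += 1
    return out[:length]

def master_secret(premaster: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # The 48-byte master secret mixes in both hello randoms (client first).
    return _ssl3_expand(premaster, client_random + server_random, 48)

def derive_keys(master: bytes, client_random: bytes, server_random: bytes,
                mac_len: int = 16, key_len: int = 16) -> dict:
    # The key block uses the randoms in the opposite order (server first).
    block = _ssl3_expand(master, server_random + client_random,
                         2 * (mac_len + key_len))
    # RFC 6101 order: both authentication (MAC) keys, then both encryption keys.
    # Block ciphers would take two IVs from further key-block bytes (omitted here).
    names_and_sizes = [
        ("client_to_server_auth_key", mac_len),
        ("server_to_client_auth_key", mac_len),
        ("client_to_server_enc_key", key_len),
        ("server_to_client_enc_key", key_len),
    ]
    keys, offset = {}, 0
    for name, size in names_and_sizes:
        keys[name] = block[offset:offset + size]
        offset += size
    return keys

# Constructed sample inputs (not from a real session).
PREMASTER = b"\x03\x00" + bytes(range(46))   # version 3.0 + 46 bytes
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))

if __name__ == "__main__":
    ms = master_secret(PREMASTER, CLIENT_RANDOM, SERVER_RANDOM)
    for name, value in derive_keys(ms, CLIENT_RANDOM, SERVER_RANDOM).items():
        print(f"{name}: {value.hex()}")
```

Because each direction gets its own encryption and authentication key, a record captured in one direction cannot be replayed as valid traffic in the other.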
Sequence of Events
The SSL Handshake is performed by a ten-part exchange between the client and the server. Optional items are indicated in {brackets}:
The client opens a connection and sends the ClientHello.
The server sends a ServerHello.
{The server sends its certificate.}
{The server sends a ServerKeyExchange.}
{The server sends a CertificateRequest.}
{The client sends its certificate.}
The client sends a ClientKeyExchange.
{The client sends a CertificateVerify.}
The client and server both send ChangeCipherSpec messages.
The client and server both send finished messages.
With the exception of the secrets that are encrypted with the recipient's public key, the entire handshake is ...