Understanding SSL/TLS: From Handshake Basics to Secret Keys Explained

1. SSL/TLS Overview

1.1 Overall Structure

SSL sits between the HTTP protocol and TCP as an optional layer. Its position can be visualized as:

SSL : Secure Socket Layer, developed by Netscape. It provides authentication and encryption for data transmitted over the Internet. The current version is 3.0. SSL operates between the TCP/IP stack and application protocols and consists of two sub‑protocols:

SSL Record Protocol – provides encapsulation, compression, and encryption.

SSL Handshake Protocol – performs authentication, cipher negotiation, and key exchange.

TLS : Transport Layer Security, the successor to SSL. It also provides confidentiality and integrity between two applications. TLS 1.0 is defined by the IETF as an extension of SSL 3.0 (often called SSL 3.1) and consists of:

TLS Record Protocol – sits on top of a reliable transport such as TCP.

TLS Handshake Protocol – negotiates security parameters before data transfer.

SSL/TLS primarily provides three services:

Authentication of client and server.

Encryption of data to prevent eavesdropping.

Integrity protection to ensure data is not altered in transit.

1.2 Differences Between TLS and SSL

Version numbers differ: TLS 1.0 uses version value SSLv3.1.

MAC algorithms: TLS uses HMAC (RFC‑2104) while SSLv3.0 uses a similar algorithm with different padding handling.

PRF: TLS introduces a pseudo‑random function (PRF) for key expansion.

Alert codes: TLS adds many new alert codes and retains all SSLv3.0 alerts.

Cipher suites and client certificates: TLS drops support for some legacy algorithms (e.g., Fortezza).

Certificate_verify and finished messages: Minor differences in hash input, but security is comparable.

Master secret computation differs between the two.

Padding: TLS allows any padding length up to 255 bytes, whereas SSL requires padding to a multiple of the block size.

TLS Main Enhancements

TLS aims to make SSL more secure and its specifications more precise. Enhancements include:

Stronger MAC algorithms.

More detailed alert handling.

Clearer definition of the “gray area” specifications.

TLS Security Improvements

Use of HMAC for message authentication, providing stronger integrity protection.

Enhanced PRF that combines two hash algorithms for key generation.

Improved Finished message verification based on PRF and HMAC.

Consistent certificate handling across implementations.

More specific and additional alert messages.

2. Key Exchange Process – TLS Handshake

The SSL/TLS protocol is divided into a Handshake Protocol and a Record Protocol. The Handshake negotiates keys, while the Record Protocol defines the data format.

Because asymmetric encryption is slow, it is used only for key exchange. After the key exchange, symmetric encryption is used for the bulk of the communication, with HMAC applied for integrity.

SSL by default authenticates only the server; client authentication is optional.

2.1 ClientHello

The client sends a list of supported cipher suites and a random value (ClientRandom). This random value, together with the server’s random value, will later be used to derive the Master Secret.

Supported protocol version (e.g., TLS 1.0).

Client random number.

Supported encryption methods (e.g., RSA).

Supported compression methods.

2.2 ServerHello

After receiving ClientHello, the server replies with its chosen protocol version, a ServerRandom, the selected cipher suite, and its certificate.

Chosen protocol version.

Server random number.

Chosen cipher suite.

Server certificate.

2.3 Certificate Verify (Client Key Exchange)

If the server requests client authentication, the client sends its certificate. The client then sends a PreMaster Secret encrypted with the server’s public key.

Encrypted random value (PreMaster Secret).

ChangeCipherSpec indicating that subsequent messages will be encrypted.

Finished message containing a hash of all previous handshake messages.

The PreMaster Secret is a 48‑byte value generated by the client using RSA or Diffie‑Hellman.

2.4 ChangeCipherSpec and Finished (Client)

The client notifies the server that it will now use the negotiated cipher suite and sends a Finished message encrypted with the newly derived keys.

2.5 Server Finished

The server decrypts the PreMaster Secret, derives the same session keys, sends its own ChangeCipherSpec, and a Finished message to confirm the handshake.

2.6 Secret Keys

Three main secrets are derived during the handshake:

PreMaster Secret – generated by the client and encrypted with the server’s public key.

Master Secret – derived from the PreMaster Secret and both random values; used to generate key material.

Session Secret (Key Material) – includes client and server MAC keys and encryption keys for actual data transfer.

2.7 Application Data Transfer

After the handshake, application data is MACed and then encrypted with the session keys. The receiver uses the corresponding write MAC key and encryption key to verify integrity and decrypt the payload.

3. Visual Analogy of Key Exchange

Imagine A (client) and B (server). A announces its supported algorithms, B selects a combination, sends its certificate, and both parties exchange a secret message encrypted with B’s public key. After decryption, both derive the same encryption keys and can communicate securely.

4. SSL Security

While the SSL/TLS protocol itself is robust, practical attacks often target implementation flaws, such as man‑in‑the‑middle (MITM) attacks. Weak cipher suites without certificates (e.g., DH without authentication) enable attackers to impersonate a party. Proper certificate validation and the use of strong, authenticated key exchange algorithms mitigate these risks.

5. Proxies

When an HTTPS proxy is configured, the browser establishes a TCP tunnel to the proxy using a CONNECT request. The proxy then forwards traffic to the target server without decrypting it, provided a valid certificate is used; otherwise, the proxy becomes a potential MITM point.

CONNECT server.example.com:443 HTTP/1.1
Host: server.example.com:443

6. References

Detailed explanation of HTTPS (SSL/TLS) principles.

Differences and introductions to SSL and TLS.

Overview of SSL/TLS protocol operation.

SSL/TLS/WTLS principles.

Transport Layer Security (TLS) specifications.

Survival guides – TLS/SSL and X.509 certificates.