
networking

Harsh Kapadia's Computer Networking knowledge base.

TLS


Last updated: 20th March 2023


Introduction

Examples of TLS in the Wild

NOTE:

  • This information can be found in the Security tab in the browser DevTools or on clicking the ‘lock’ (or ‘unlock’) symbol to the left of the URL in the browser search bar.
  • The string of cipher information seen in the pictures below is called a ‘cipher suite’. There are several of them for each protocol, and the one shown tells us which ciphers a particular connection is using after both machines have agreed on the ciphers to be used.

Common Cryptographic Algorithms in TLS

Some common terms seen in the pictures above

Diffie-Hellman (DH)

RSA

AES

SHA256

Why Symmetric Key Encryption is Used

Why is Symmetric Key Encryption (e.g. AES) used for actual data communication rather than just Asymmetric Key Encryption (e.g. RSA)?

Conditions to be Fulfilled by a TLS Handshake

General TLS Protocol Structure

TLS 1.2 Handshake

NOTE:

  • C = Client and S = Server.
  • TLS 1.2 takes two round trips (C -> S, S -> C, C -> S and S -> C) to complete the handshake. (TLS 1.3 takes just one round trip.)

Overview

The TLS 1.2 handshake as seen in Wireshark

First Round Trip

'Client Hello' Message


Contents of Random in the 'Client Hello' Message

'Server Hello' Message


'Server Key Exchange' Message


'Server Key Exchange' Message (contd.) and 'Server Hello Done' Message

Second Round Trip

'Client Key Exchange' Message


Client 'Change Cipher Spec' Message


Client 'Finished' Message

Server 'Change Cipher Spec' Message


Server 'Finished' Message

Overview

An overview of the TLS 1.2 Handshake as in RFC 5246

TLS 1.3 Handshake

NOTE:

  • C = Client and S = Server.
  • TLS 1.3 takes just one round trip (C -> S and S -> C) to complete the handshake. (TLS 1.2 takes two round trips.)

Overview

The TLS 1.3 handshake as seen in Wireshark

Round Trip

NOTE: The images below are from Wireshark and are for a TLS 1.3 handshake. Many fields in them show the protocol version as TLS 1.0 or TLS 1.2. The TLS 1.3 standard does this on purpose for backward compatibility, because of possible version negotiation issues which might cause ‘version intolerance’. The actual version for TLS 1.3 is mentioned in the supported_versions extension as seen in the Client Hello and Server Hello images below. (Further reading: all the places in the TLS 1.3 handshake where old TLS versions can be seen, and the reason for using old TLS version numbers in a TLS 1.3 handshake.)

'Client Hello' Message

NOTE: Please read the note above the TLS 1.3 handshake Client Hello image in case there is confusion as to why the TLS version is shown as TLS 1.2 in many places in the image below for a TLS 1.3 handshake. Hint: The actual TLS version used (TLS 1.3) is mentioned in the supported_versions extension as seen in the image below.
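The version fields described in the notes above can be read straight from the bytes of a Client Hello. The following is an added example, not code from the original page: the function names are hypothetical, the sample record is constructed rather than captured, and the parser assumes the whole Client Hello sits in a single TLS record.

```python
import struct

VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
SUPPORTED_VERSIONS = 43  # extension type assigned in RFC 8446

def build_sample_client_hello(offered=(0x0304, 0x0303)) -> bytes:
    """Constructed minimal ClientHello record for the demo (not a real capture)."""
    extensions = b""
    if offered:
        body = bytes([2 * len(offered)]) + b"".join(struct.pack("!H", v) for v in offered)
        extensions = struct.pack("!HH", SUPPORTED_VERSIONS, len(body)) + body
    hello = (struct.pack("!H", 0x0303)        # legacy_version: frozen at TLS 1.2
             + bytes(32) + bytes([0])         # zeroed random, empty legacy_session_id
             + struct.pack("!HH", 2, 0x1301)  # one suite: TLS_AES_128_GCM_SHA256
             + bytes([1, 0])                  # null compression only
             + struct.pack("!H", len(extensions)) + extensions)
    handshake = bytes([1]) + len(hello).to_bytes(3, "big") + hello  # type 1 = ClientHello
    return struct.pack("!BHH", 22, 0x0301, len(handshake)) + handshake  # record layer: TLS 1.0

def client_hello_versions(record: bytes) -> dict:
    """Report every version field in a one-record ClientHello; ValueError if malformed."""
    try:
        ctype, record_version, rec_len = struct.unpack_from("!BHH", record, 0)
        if ctype != 22 or record[5] != 1 or 5 + rec_len > len(record):
            raise ValueError("not a complete handshake record carrying a ClientHello")
        (legacy_version,) = struct.unpack_from("!H", record, 9)
        pos = 9 + 2 + 32                                     # past legacy_version and random
        pos += 1 + record[pos]                               # legacy_session_id
        pos += 2 + struct.unpack_from("!H", record, pos)[0]  # cipher_suites
        pos += 1 + record[pos]                               # compression_methods
        ext_end = pos
        if pos < 5 + rec_len:                                # extensions are optional before 1.3
            ext_end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
        pos, offered = pos + 2, []
        while pos + 4 <= ext_end:
            ext_type, ext_len = struct.unpack_from("!HH", record, pos)
            data = record[pos + 4:pos + 4 + ext_len]
            if ext_type == SUPPORTED_VERSIONS:
                offered = [struct.unpack_from("!H", data, i)[0] for i in range(1, 1 + data[0], 2)]
            pos += 4 + ext_len
    except (struct.error, IndexError) as exc:
        raise ValueError("truncated or malformed ClientHello") from exc
    # Unknown values (e.g. GREASE, RFC 8701) are ignored; with no extension the
    # legacy_version field is the real offer, as in TLS 1.2 and earlier.
    known = [v for v in offered if v in VERSIONS]
    highest = max(known) if known else legacy_version
    return {"record": VERSIONS.get(record_version), "legacy": VERSIONS.get(legacy_version),
            "offered": [VERSIONS.get(v, hex(v)) for v in offered],
            "highest_offered": VERSIONS.get(highest, hex(highest))}
```

Calling `client_hello_versions(build_sample_client_hello())` reports TLS 1.0 at the record layer, TLS 1.2 in the legacy field, and TLS 1.3 only inside supported_versions, which is why a filter or detection keyed on the first two fields misclassifies TLS 1.3 traffic.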

'Server Hello' Message

Client 'Change Cipher Spec' Message

Overview

An overview of the TLS 1.3 Handshake as in RFC 8446


An overview of the TLS 1.3 Handshake as a cURL request


Need for Two Sets of Keys

Credits to Gabriel Kaptchuk for this explanation.

Encrypt(key_1, "unchanged_data") = "1234567890"
Encrypt(key_2, "unchanged_data") = "abcdefghij"

Heartbleed

mTLS

Resources