{"id":622,"date":"2023-02-11T11:32:19","date_gmt":"2023-02-11T19:32:19","guid":{"rendered":"https:\/\/liangqi.org\/?p=622"},"modified":"2023-02-11T11:37:22","modified_gmt":"2023-02-11T19:37:22","slug":"how-tls-works","status":"publish","type":"post","link":"https:\/\/liangqi.org\/?p=622","title":{"rendered":"How TLS handshake works"},"content":{"rendered":"\n<p>This chart is based on the article here:<\/p>\n\n\n\n<p>https:\/\/www.cloudflare.com\/learning\/ssl\/what-happens-in-a-tls-handshake\/<\/p>\n\n\n\n<p>It is much clearer to show it as a sequence chart. The key point is what the client and the server hold at each step in order to generate the sessionKey.<\/p>\n\n\n\n<p>The premasterSecret is the key factor here. It is generated on the client side and encrypted with the public key that the server generated. In this way, the client has its value (since it generated it) and the server can recover it by decrypting with its private key.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1750\" height=\"2230\" src=\"https:\/\/liangqi.org\/wp-content\/uploads\/2023\/02\/image-1.png\" alt=\"\" class=\"wp-image-623\"\/><\/figure>\n\n\n\n<p>Sequence diagram source code:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>title How TLS works\n\nClient-&gt;Server:hello(clientRandom,supportedTLSVersions)\nnote over Client:clientRandom\nnote over Server:clientRandom\nServer-&gt;Client:hello(serverRandom,SSL Certificate, chosenCipherSuite)\nnote over Client:clientRandom,serverRandom, ServerCert, chosenCipherSuite (e.g. RSA256)\nnote over Server:clientRandom,serverRandom\nClient-&gt;Client: verify Cert with Authority\nClient-&gt;Client: generate preMasterSecret using public key from server\nnote over Client:clientRandom,serverRandom,preMasterSecret,&#91;ServerCert, chosenCipherSuite]\nClient-&gt;Server:send(encryptedPreMasterSecret)\nServer-&gt;Server:decrypt(encryptedPreMasterSecret)\nnote over Server:clientRandom,serverRandom,preMasterSecret\nnote over Client: SessionKey(clientRandom,serverRandom,preMasterSecret)\nnote over Server: SessionKey(clientRandom,serverRandom,preMasterSecret)\nClient-&gt;Server:finish(encryptedWithSessionKey)\nServer-&gt;Client:finish(encryptedWithSessionKey)\nnote over Client,Server:Handshake is completed<\/code><\/pre>\n\n\n\n<p>mTLS<\/p>\n\n\n\n<p>Mutual TLS (mTLS) is TLS in which the server also verifies the identity of the client. The main difference is that a new, server-generated preMasterSecret is needed to generate the session key.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This chart is based on the article here: https:\/\/www.cloudflare.com\/learning\/ssl\/what-happens-in-a-tls-handshake\/ It would be much clear to be able to show it in a sequence chart. The key point is in each step what client\/server has to generate sessionKey. The premasterSecret is the key factor here. it got generated in the client side by using the pubic key generated in server side. In this way, client side has it&#8217;s value (since it generated in client side) and the server side can get it by using private key to decrete it. Sequence diagram source code: mTLS mutual TLS is enhanced TLS which server side needs to verify the identity on the client side as well. 
The main difference is we need a new server generated preMasterSecret to generate the session key.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16,37],"tags":[],"class_list":["post-622","post","type-post","status-publish","format-standard","hentry","category-16","category-37"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How TLS handshake works - Liangqi\u2018s Technical Journey<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/liangqi.org\/?p=622\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How TLS handshake works - Liangqi\u2018s Technical Journey\" \/>\n<meta property=\"og:description\" content=\"This chart is based on the article here: https:\/\/www.cloudflare.com\/learning\/ssl\/what-happens-in-a-tls-handshake\/ It would be much clear to be able to show it in a sequence chart. The key point is in each step what client\/server has to generate sessionKey. The premasterSecret is the key factor here. it got generated in the client side by using the pubic key generated in server side. In this way, client side has it&#8217;s value (since it generated in client side) and the server side can get it by using private key to decrete it. Sequence diagram source code: mTLS mutual TLS is enhanced TLS which server side needs to verify the identity on the client side as well. 
The main difference is we need a new server generated preMasterSecret to generate the session key.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/liangqi.org\/?p=622\" \/>\n<meta property=\"og:site_name\" content=\"Liangqi\u2018s Technical Journey\" \/>\n<meta property=\"article:published_time\" content=\"2023-02-11T19:32:19+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-02-11T19:37:22+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/liangqi.org\/wp-content\/uploads\/2023\/02\/image-1.png\" \/>\n<meta name=\"author\" content=\"liangqi\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"liangqi\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/liangqi.org\/?p=622#article\",\"isPartOf\":{\"@id\":\"https:\/\/liangqi.org\/?p=622\"},\"author\":{\"name\":\"liangqi\",\"@id\":\"https:\/\/liangqi.org\/#\/schema\/person\/105c89d9b783fda67b62e3ce113d6cd3\"},\"headline\":\"How TLS handshake works\",\"datePublished\":\"2023-02-11T19:32:19+00:00\",\"dateModified\":\"2023-02-11T19:37:22+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/liangqi.org\/?p=622\"},\"wordCount\":140,\"commentCount\":2,\"publisher\":{\"@id\":\"https:\/\/liangqi.org\/#\/schema\/person\/105c89d9b783fda67b62e3ce113d6cd3\"},\"articleSection\":[\"\u6280\u672f\",\"\u7f51\u7edc\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/liangqi.org\/?p=622#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/liangqi.org\/?p=622\",\"url\":\"https:\/\/liangqi.org\/?p=622\",\"name\":\"How TLS handshake works - Liangqi\u2018s Technical 
Journey\",\"isPartOf\":{\"@id\":\"https:\/\/liangqi.org\/#website\"},\"datePublished\":\"2023-02-11T19:32:19+00:00\",\"dateModified\":\"2023-02-11T19:37:22+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/liangqi.org\/?p=622#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/liangqi.org\/?p=622\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/liangqi.org\/?p=622#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/liangqi.org\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How TLS handshake works\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/liangqi.org\/#website\",\"url\":\"https:\/\/liangqi.org\/\",\"name\":\"Liangqi\u2018s Technical Journey\",\"description\":\"Chasing Excellence; Enjoy life.\",\"publisher\":{\"@id\":\"https:\/\/liangqi.org\/#\/schema\/person\/105c89d9b783fda67b62e3ce113d6cd3\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/liangqi.org\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/liangqi.org\/#\/schema\/person\/105c89d9b783fda67b62e3ce113d6cd3\",\"name\":\"liangqi\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/liangqi.org\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/liangqi.org\/wp-content\/uploads\/2022\/01\/P1100089-3-scaled.jpg\",\"contentUrl\":\"https:\/\/liangqi.org\/wp-content\/uploads\/2022\/01\/P1100089-3-scaled.jpg\",\"width\":2560,\"height\":1920,\"caption\":\"liangqi\"},\"logo\":{\"@id\":\"https:\/\/liangqi.org\/#\/schema\/person\/image\/\"},\"sameAs\":[\"https:\/\/liangqi.org\"],\"url\":\"https:\/\/liangqi.org\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"How TLS handshake works - Liangqi\u2018s Technical Journey","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/liangqi.org\/?p=622","og_locale":"en_US","og_type":"article","og_title":"How TLS handshake works - Liangqi\u2018s Technical Journey","og_description":"This chart is based on the article here: https:\/\/www.cloudflare.com\/learning\/ssl\/what-happens-in-a-tls-handshake\/ It would be much clear to be able to show it in a sequence chart. The key point is in each step what client\/server has to generate sessionKey. The premasterSecret is the key factor here. it got generated in the client side by using the pubic key generated in server side. In this way, client side has it&#8217;s value (since it generated in client side) and the server side can get it by using private key to decrete it. Sequence diagram source code: mTLS mutual TLS is enhanced TLS which server side needs to verify the identity on the client side as well. The main difference is we need a new server generated preMasterSecret to generate the session key.","og_url":"https:\/\/liangqi.org\/?p=622","og_site_name":"Liangqi\u2018s Technical Journey","article_published_time":"2023-02-11T19:32:19+00:00","article_modified_time":"2023-02-11T19:37:22+00:00","og_image":[{"url":"https:\/\/liangqi.org\/wp-content\/uploads\/2023\/02\/image-1.png"}],"author":"liangqi","twitter_card":"summary_large_image","twitter_misc":{"Written by":"liangqi","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/liangqi.org\/?p=622#article","isPartOf":{"@id":"https:\/\/liangqi.org\/?p=622"},"author":{"name":"liangqi","@id":"https:\/\/liangqi.org\/#\/schema\/person\/105c89d9b783fda67b62e3ce113d6cd3"},"headline":"How TLS handshake works","datePublished":"2023-02-11T19:32:19+00:00","dateModified":"2023-02-11T19:37:22+00:00","mainEntityOfPage":{"@id":"https:\/\/liangqi.org\/?p=622"},"wordCount":140,"commentCount":2,"publisher":{"@id":"https:\/\/liangqi.org\/#\/schema\/person\/105c89d9b783fda67b62e3ce113d6cd3"},"articleSection":["\u6280\u672f","\u7f51\u7edc"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/liangqi.org\/?p=622#respond"]}]},{"@type":"WebPage","@id":"https:\/\/liangqi.org\/?p=622","url":"https:\/\/liangqi.org\/?p=622","name":"How TLS handshake works - Liangqi\u2018s Technical Journey","isPartOf":{"@id":"https:\/\/liangqi.org\/#website"},"datePublished":"2023-02-11T19:32:19+00:00","dateModified":"2023-02-11T19:37:22+00:00","breadcrumb":{"@id":"https:\/\/liangqi.org\/?p=622#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/liangqi.org\/?p=622"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/liangqi.org\/?p=622#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/liangqi.org\/"},{"@type":"ListItem","position":2,"name":"How TLS handshake works"}]},{"@type":"WebSite","@id":"https:\/\/liangqi.org\/#website","url":"https:\/\/liangqi.org\/","name":"Liangqi\u2018s Technical Journey","description":"Chasing Excellence; Enjoy life.","publisher":{"@id":"https:\/\/liangqi.org\/#\/schema\/person\/105c89d9b783fda67b62e3ce113d6cd3"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/liangqi.org\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/liangqi.org\/#\/schema\/person\/105c89d9b783fda67b62e3ce113d6cd3","name":"liangqi","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/liangqi.org\/#\/schema\/person\/image\/","url":"https:\/\/liangqi.org\/wp-content\/uploads\/2022\/01\/P1100089-3-scaled.jpg","contentUrl":"https:\/\/liangqi.org\/wp-content\/uploads\/2022\/01\/P1100089-3-scaled.jpg","width":2560,"height":1920,"caption":"liangqi"},"logo":{"@id":"https:\/\/liangqi.org\/#\/schema\/person\/image\/"},"sameAs":["https:\/\/liangqi.org"],"url":"https:\/\/liangqi.org\/?author=1"}]}},"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/liangqi.org\/index.php?rest_route=\/wp\/v2\/posts\/622","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/liangqi.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/liangqi.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/liangqi.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/liangqi.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=622"}],"version-history":[{"count":3,"href":"https:\/\/liangqi.org\/index.php?rest_route=\/wp\/v2\/posts\/622\/revisions"}],"predecessor-version":[{"id":627,"href":"https:\/\/liangqi.org\/index.php?rest_route=\/wp\/v2\/posts\/622\/revisions\/627"}],"wp:attachment":[{"href":"https:\/\/liangqi.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=622"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/liangqi.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=622"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/liangqi.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=622"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}