What is SSL? | How Does SSL Work Full Tutorial
Hello. Everyone my. Name is Naveen. And. I'm, trainer, with our Microsoft, certified trainer with SSD and technologies, and. On. Delivering. The training for. Active. Directory for. Windows for, authentication. For. SSL. TLS. From. Last approximately. Five years. Okay. So shall, we start now. Now. This. Presentation is all about how, SSL, and TLS handshake works. So. Why. I'm talking, about SSL, and TLS handshake. Because. Whenever. We talk about the secure, communication. Between the client and server or between the two servers or, between the two clients. SSL. And TLS handshake, plays. A very important, role in. Domain. Environment we have the different authentication. Protocols, like Kerberos. Ntlm. Through. Which we can verify. The identity of the user we can verify. The. Authenticity of, the user who, is trying to access the resources. However. As. Of now we, have the different resources that we need to access it over. The wire on internet. On, internet. Whatever. It with the machines these are not the domain join machines, so. How do we to provide the, authenticity the, authenticity of the, user. Or the authenticity of the server. So. Basically the SSL and TLS handshake, is, all about, for. An example if I am accessing the web site for any bank like, Citibank calm, as. I. Am a user I would like to know that the web site that I am authenticating, this, is from. Citibank only. There. Is no impersonation. In between and there, is no man and middle attack. So. Ssl/tls. Plays. A very important, role in that and. As. Of, now. If. We talk about any, technology, every. Technology is moving. On cloud. So. If. We talk about cloud, SSL. And TLS handshake would, be the one of the most important, thing that comes, in picture. So. SSL, handshake, provides. Like. It encrypts the sensitive information it. Provides. Authentication. Authenticity. Of the server authenticity, of the client, it. Provides trust. So. We. Will talk about. How. SSL. And TLS stack. Look likes. SSL. And TLS stack, like I'm, talking about so when it would be. I'm. Talking, about whenever we talk about, how. Do we need to check the data in. Any of the network tools like Network. Monitor, or, were shocked or were shocked analyzer. Or. Net. Monde, so. How. The how, the did how, the SSL, and TLS, stack, look likes so, there would be network. Layer. IP. Internet layer and, TCP. That would be the transport, layer and. Above. That transport, layer we. Have application. Layer and in. That application layer we have as a Celt record, layer protocol, and. Whatever. The data that we have in the application layer. It. Is, encrypted, and. At. The application, level we can see SSL. Handshake protocol as, a cell size, first. Protocol. Gene severs spec protocol and SSL. Alert protocol as, acyl handshake protocol would be the SSL. Handshake when, the client send the client hello server sends a server hello and after. That they, try, to interact with each other set up the secure channel and the. Change ciphers pack would be the flag from the server that indicates that yes I am ready for the secure, communication, and. During. That secure, communication, if there would be any alert it. Gives. Us the error message in the form of SSL, alert protocol. So. If you check these. Traces. In. Any of the network. Analyzer. Tool first. Of all you will find that. There would be a. Tcp/ip. Handshake. After. That tcp/ip, handshake or. There would be SSL, handshake and after. That SSL handshake, we. Will find. Application. Data if the SSL handshake is successful, if the SSL handshake is not successful we will get SSL, alert code. And. This. Is how SSL, and TLS handshake works. So. Because. SSL, and TLS works, over. Tcp/ip. So. There, would be a client the. Client I'm calling to that entity, which. Is initiating. The client hello and the server would be the entity which. Is initiating, the server hello, so. First of all client send the tcp/ip. Sync. Server. Reverse synciq. Acknowledgement. For the sink and the. Client sent yes, I have, acknowledged, your, syn. ACK and. The. Tcp/ip handshake, has been completed once. The tcp/ip, handshake, has been completed after that client sends the client hello in. That client hello client sends SSL. Protocol version session. ID list. Of cipher Suites and the. Client hello vaccinations what. Are the client hello extensions, we will look into that further. As. Soon as the sir would get the client hello packet. It. Checks. Would, what would be the SSL protocol version one we need to talk it, creates, the session ID and, it. Selects, the cipher suites on which we need to work it, sends, the server authentication.
Certificate. To the client and. It. Can also request, client certificate, if the mutual, auth is enabled, and the client. Certificate is required. And. When. The client get, the server hello after that, there. Are few methods through, which. Client. Generates, the premaster secret and, if, the certificate has been required that is optional it, has been sent to the server that is, in the packet, of. Client. Key exchange and after. That servers, and chain, ciphers pack that, yes I am ready for the SSL. Communication, and after. That application. Redaction starts. When. The, client hello has been sent in. The client hello, we. Send TLS, protocol version the, TLS protocol versions, would be. SSL. 2.0, SSL, 3.0. TLS, 1.0. TLS. 1.1. And TLS 1.2. So. It sends, the protocol. Versions, that, are enabled. On client. Client, generates, the, random number that, would be the random pseudo, number that has been generated on the client it can be any number there, would be no sequence, or there would be no method for that and. When. Client, initiates the, first session, it creates, the session ID. If. The session has been resumed. It. Will. It. Can use the previous session, ID however, which session ID do we need to use that, would be the decision of the server. Apart. From that in the client hello we get the list of all the cipher suites server. Name indication where. We have the name of the server. For which we would like to contact. And the supported hash algorithms, on the. Client, machine. When. This client hello has been received by the server, the. Server decides on, which TLS, protocol they need to talk, they. Select the highest protocol. Version. Whatever. It would be available on the client and on the server which, is common. Now. Here, server, generates, its. Server, random number server. Generates the, session ID and. Server. Has. Its, server. Authentication certificate. So. It sends the public. Key like it sends a certificate, without private key in, the server hello packet and it, also sends the, cipher suite on which we need to talk. Now. As soon. As the client get the server, authentication certificate. It. Validates. The certificate. In. Order to validate that certificate it, verify. The chain of the cert forget. It. Verifies, the revocation of the certificate. Just. To make sure that the certificate, on which the. Certificate, that has been provided, by the server for.
The Server authentication is, a valid certificate and, I can, trust that certificate. So. In order to do that there, will be two functions that has been called one, is cert. Certificate. Chain start that, is for the chain validation, the. Chain validation, means the. Certificate, of the an. Entity that would be the server authentication certificate. And the. Certificate, which has been issued by. The. Issuing certificate. Authority certificate, and the, root CA certificate, authority certificate. And. After. That. The. Revocation for all, these certificates has been started the revocation means this, whenever. We issue, the certificate. The. Valid, of the certificate, sorry there, would be a certain time. Period for that certificate like maybe for one year maybe for two years maybe for three months, however. There would be some circumstances where. We need to revoke the certificate, before its. Entity. In. That situation, it. Can happen because of a number of reasons. Like. If. The. Private key of the certificate, has been compromised, or if. There. Would be any problem in that certificate. Because of that that means it has, forcefully. Rebook that certificate. After. The validation, of the certificate. Client. Builds, chain, ciphers back. So. Till now we have, sent the client hello client. Send the client hello and in. The client hello client, sent the client random number. When. This. Packet has been received, by the server server, has generated, the server random number and. Its. Own, server, authentication certificate. It. Has been sent to the client so. Now client, has client, random number server. Random number and server. Authentication certificate. Public key. Now. With. The help of the client, random number and server. Random number. The. Client, generate premaster, secret and. That. Encrypts. The premaster secret with. The server, authentication certificate. Public key. And.
It, Sends in the client. Key exchange packet, once. This packet has been sent to the server. Server. Would be able to decrypt that packet because the server has only the private key of that certificate. Remember. One thing that private. Key never travel over the world. So. Now if, you check that. On. The server and on the client what, we have. On. The server we have client. Random number server. Random number and premaster, secret and, on. The client we, have client. Error number server. Unknown number and premaster. Secret. Now. With the help of these three things, client. And server. Will. Generate master. Secret. And. The. Master, secret would be, the. Same on both the machines because, it has been calculated by some mathematical, calculations. And it. Has been calculated by the help of client, random number server, engine number and premaster, secret that. Are same on the, client and on the server. Now. After. That. Server. Will send the change, cipher spec, to the client that, means the server is ready for the. Secured. Communication over, SSL or TLS. So. This, is a, like, high-level overview that, how, SSL, and TLS handshake works. Let's. See the same traffic, in the network crisis. That. Will give us better, information on this. So. Here are the network prices that, I have collected in my lab machine. At. The time of. Creating. A SSL, handshake. My. Client IP is 192, 168, 2.54. And the server IP is 192. 168, 2.52. These. Traces, has been collected on the client end and, if. We check the first packet, the first packet has been sent from, the client. To the server and this, is for sync, it's, the TCP ID sink, the. Server works with the sync ACK. In. The third packet the client sends. The. Acknowledgement for synciq. The. Tcp/ip, handshake. Has been completed. Till. Here. Now. The SSL, handshake starts. The. Client sends the client, hello. So. Let us see how does it look like in the client hello. So. In the client hello. If. You check. This. Is the information about the tcp/ip like, what is IP address for the client what is I P address for the server after, that we if you go to secure. Socket layer, in. The secure socket layer we have the information about. The. Handshake, protocol that, is client hello client. At a handshake. Type would be client hello the. TLS version that, has been used would be TLS 1.2 and, this.
Is The client random, number that I was talking about that has been sent at. The time of. Client. Hello. So. This, is my client Rae number and. So. This is my client, random number. This. Is my session, ID, session. ID is 0 because this. Is the first session it has not been renegotiated. So. There would be no previous, session ID the, client is, initiating, the the, handshake. Because. I said so the session ID is, 0 and. I. Promote. Do you have the question on what, are the cipher suites. Hello. Elodie. Hello. Can you hear me, yes. Yes. So. Your question would be what are the cipher suites right, yes. Yes. So. The cipher suite if you talk about it would be the combination of a number of things. If. You. Check. This. Cipher. Suite that. Will be the TLS ec, let. Me take a simple cipher. Suite. And. Moreover. Promote. If. It is possible can, we answer, all these questions at the last, at. The end of the session. Because. It would be lot easier for us you know in order to answer all the questions at the end of, the session because like, if I, will try to answer all the questions, now, it may break the flow of the presentation. Yeah, sure thank. You. So. Thanks a lot. Let. Me continue on this we. Have client. Hello in, the client hello it has been defined, that, what. Is. What. Is my s. Channel protocol that has been used what. Is a random number that has, been created on the client and. The. Session ID it is zero because it's. The first, handshake. It's not, renegotiated. Or it's not the resumed session, and after. That we have the list of all, the cipher, suites. These, are the cipher suites that are enabled, on the client. And. How. It. How. This efforts look like would be, if. You check. If. You check. Receive. Would be the asymmetric. Encryption algorithm. So. That would be, transport. Layer security with. RSA. With. Aes 128. Aes. 128 would, be the symmetric, algorithm and. After. That GCM. We. Have sha 256. 256. Would be the hashing algorithm, so. It would be the combination of, symmetric. Key is symmetric, key and the, hashing algorithm, that, is why it is called cipher, suite. Okay. A part on that. If, this is one of the most important thing this. Is the name of the silver for, which and sending, the client hello. And. We. Have signature. Algorithms. That. Are supported, on the client like, RSA, pkcs1. Sha-256. Char.
384, Sha-1, sha-256. Char, 384, so. These are the hashing. Algorithms, that are enabled on the client machine. And. Apart. From that. And. Apart from that. We. Have session, ticket, we have application, layer protocol negotiation. And, we have. Extended, master secret. Right. Now the length is low because with, the client eluate cannot be sent master. Secret cannot be sent and. The. We. Have a renegotiation, if it, is renegotiated. So. That would be the information with the client, hello so. Till now what, we have concluded would be with, the client hello it sends the. SSL, TLS handshake protocol. Client. Random number, Shan, ID list. Of cipher Suites, server. Name indication and. Hashing. Algorithm that has supported on the client machine. Once. It has been sent to the server, once. It has been received by the server. How. The server hello, looks like. Server. Builds the server hello on the, basis of the client hello that he has caught and. The. Available, cipher, suites and the availability LS protocol, and the hashing algorithm, that is available on the server itself. So. This. Is a. Server. Hello. The server decided, to choose. TLS. Version 1.2. At. The record layer the. Record layer would be the layer that, works, over. Tcp/ip. And, under. The record layer all the TLS. And SSL handshake, flows. Under. The record layer tls/ssl, handshake. Works and. Change. Several spec works and if, there would be any any. Fettle. Alert or if there would be any, encrypted. Alert that, we get an under, record, layer, and. The, version for the TLS that has been you that has been accepted. By the server and the server is sending yes I am okay to talk, on TLS 1.2 and. This. Is a server hello packet and, now. If you check there would be a random number. So. This kind of number is from. Is. From server. This, is my server random, number and. The. Session ID has been generated my session ID has been 32 that, has been generated by sorry. Session ID length is 32 this is my session ID, so. This is the session ID that has been generated for the session and the. Cipher suite or that, the. Server and, the client will use for further communication that, would be TLS. EC, DHE, RSA. With. Aes 256. GCM, sha 384, and. Apart. From that. The. Server has sent its certificate. So. This is my certificate that has been sent to the client, and. This. Is the signed, certificate, if. You check the details of the certificate, like the subject name and. N. Number of extensions. So. The relative distinguished, name would be ID at common, root CA root CA would be the name of my is. Server please, do not confuse with this name it. Is server not root certificate, authority, so. This is the subject name the subject name would be the name to own the certificate has been issued, so. If we check, the details of this certificate. This. Certificate has been issued to route C a dot hallo comm and. These. Are the extensions, for this certificate like. What is the template that has been used what, is the extended, key usage what is the key usage and what is the subject key identifier, Authority. Key identifier, will destitution points, Authority, information, access and subject. Alternate names subject, why the subject alternate names are very important, these days right, now because. As per the guidelines from Google. And as. Per the guidelines from, any of the secured websites if you, do not have a subject altered, name in your server, authentication certificate. It will be considered as non secure. And. Apart. From that it, will. So. This, is an information, that has been sent by the server hello so. To summarize in the server hello what we have sent we have sent the accepted, TLS and SSL version protocol, we. Have sent, the server a known number we, have sent the session ID and we, have sent the cipher suite on which we will talk and, a. And we have send server, authentication, certificate. So. Till, now what, client, has now.
The Client has, client. Random number server. Random number the. Certificate, of, the. The. Certificate, of the. Server. Authentication certificate. As. Soon, as the, server. Will get, as. Soon as the client will get all this information. With. The help of the. Ok, with the help of the. Client. Render number and server. Random number the. Client will generate premaster secret. And. That. Premaster, secret would, be encrypted. By, the, server. Public-key. The. Server public, the server certificate, public key has been derived, from. The certificate, that has been sent by the server in the client hello packet. And. After. That it, will send this information too. After. That it will send this information to server. And. So. Till. Now I, am. Just trying. To summarize that as simple, as possible so that there, would be no confusion, because. In TLS, and SSL handshake, initially, it works over is. Symmetric. Encryption and after, that it works on symmetric, encryption. So. Now. The. Client. Has. Client. Random number server. Random number and premaster, secret. Client. Has sent the premaster secret which, is encrypted by the, server. Certificate. Public. Key which. Can be decrypted by only server, and. Once. This. Client. Key exchange, packet. Has been, received. By the server, it. Will be able to decrypt through the help of the private key that is on the server. Now. The server, also has. Client. Random number server. Random number and premaster. Secret. So. In that way on. The client and on the server we. Have the same. Kind of data through. Which we can apply some mathematical. Calculations, and we. Can calculate master. Secret. With. The help of client, remember, server. Random number and premaster, secret, client. Calculates. Master. Secret in. The same way the. Server calculates, the master. Secret now. Client, and server both. Have. Symmetric. Key which. Is, same with the client same with the server, after. That server, will send change, ciphers, back. Change. Ciphers, back means yes. I am ready for. Secure. Communication. If. You check this packet change therefore spec you will not find much. Information in that. That. Will say only change. Cipher chain. Chain ciphers pack protocol, change self respect and it's. Encrypted handshake, message and. That's. It. After. That application. Data starts. Application. Data means. Now. If now, if you check any packet all the packets are encrypted. So. The symmetric encryption has, been started, now, we don't know that what is data, is going on. It. Is because all is encrypted, if we have the private key for this for the server yes, we can decrypt this data, but. They in order to decrypt the data that, would not be the part of the session but yes we can do that if we have the private key of the certificate. We. Can do that. So. Again. I am summarizing. Till. Now whatever, we have checked in the network prices. Whatever. We have. What.
Would We have checked in the network, prices and whatever. We. Have seen till now. And. How. SSL, and TLS works. So. In the simple words that, TLS. Handshake protocol. Involves. The following steps the, client hello sends the client hello then. Into the server along with the client random number value and supported. Cyber suits, server. Respond by sending the server hello to the client along with the server random value. The. Server sends its certificate, to the client for authentication, and may, request, a certificate for the client the. Server sends the server. Hello done message. If. The server has requested a certificate, from the client that client sends it's an optional the. Client sends the random, premaster secret and, encrypts. It with the public key from the server. Certificate, sending the encrypted, premaster secret to the server. And. The server it drives the premaster secret the, server and client each, to read the master secret that, is also called session, key based, on the premaster secret. The. Client sends change self-respect notification, to server to indicate that the client will start, using the new session keys for. Hashing and encryption, messages. Client. Also sends, client finished message and the. Server receives change, ciphers back and switches. This to record, layer security. State. To symmetric, encryption. Using. The session key, server. Sends server, finished kind. To the server and the. Client end server can now exchange, application, data over the secured, Channel they. Have established, all. Messages, sent from client, to server and from server to client are encrypted, using session, key. So. What, happens all together, initially. We have started, client, hello. In. The client hello we have sent the client ID number. The. Server generates server, hello it, generates, the server a random, number it. Sends the. Server. Certificate. Client. Get. The server I know number and the. Server certificate, with, the help of these three things it, can with, the help of the client, random, number and server, I know number, it. Creates the premaster, secret. And. The premaster secret has, been encrypted, by the public. Key of the server, and it. Has been sent to the server and server, would be able to decrypt it with the private, key this. Is a symmetric, encryption. Once. The server and client will, have the same symmetric. Key and the. Server can encrypt, the data with the same key and the. Client would be able to in. Client. Would be decrypt, the data with the same key that is symmetric, encryption. So. This is all about how SSL, and TLS handshake works. Any. Questions. And. If. There would be any questions. Feel. Free to contact us at. SS lien technologies, or. Of this would be @m 50, over DLF colony. Sector. 14 grow, ha and. Call. Us anytime on the phone number giving, on this screen. So. Thanks a lot for. All. The, people. Who has. Devoted. Their time in, order to attend this session. Thanks. A lot for. Joining the. Training. Session and. How. Wonderful.