4. What is TLS/SSL?
• TLS (Transport Layer Security)
• SSL (Secure Sockets Layer) is the same one, but
deprecated by IETF (Internet Engineering Task Force)
• HTTPS is NOT TLS. HTTPS is using TLS with HTTP.
TLS can be used for many protocols including SMTP,
FTP.
6. How does TLS handshake work?
Client Server
1 ClientHello: Available Cipher Suites, random numbers, etc.
2 ServerHello: Selected Cipher Suite, Certificate, random numbers, etc.
7. • A Cipher Suite includes:
• Protocol: SSLv3, TLSv1, TLSv1.1, TLSv1.2, etc.
• Key Exchange: RSA, DH, DHE, ECDH, ECDHE, etc.
• Authentications: RSA, DSS, ECDSA, ANON, etc.
• Encryption: 3DES, AES, AES128, etc.
• Block Cipher Operation Mode: CBC, GCM, etc.
• Message Authentication: SHA, SHA256, SHA384, MD5, etc.
How does TLS handshake work?
8. Client Server
1 ClientHello: Available Cipher Suites, random numbers, etc.
2 ServerHello: Selected Cipher Suite, Certificate, random numbers, etc.
Client verifies the server’s Certificate.
How does TLS handshake work?
9. Client Server
1 ClientHello: Available Cipher Suites, random numbers, etc.
2 ServerHello: Selected Cipher Suite, Certificate, random numbers, etc.
3 Send a pre-master key encrypted with the certificate’s public key.
Client verifies the server’s Certificate.
Note: Pre-master key is a random string.
How does TLS handshake work?
10. Client Server
1 ClientHello: Available Cipher Suites, random numbers, etc.
2 ServerHello: Selected Cipher Suite, Certificate, random numbers, etc.
3 Send a pre-master key encrypted with the certificate’s public key.
Client and Server compute the master secret key with the client random
numbers, the server random numbers, and the pre-master key.
Client verifies the server’s Certificate.
How does TLS handshake work?
11. Client Server
1 ClientHello: Available Cipher Suites, random numbers, etc.
2 ServerHello: Selected Cipher Suite, Certificate, random numbers, etc.
3 Send a pre-master key encrypted with the certificate’s public key.
Client and Server compute the master secret key with the client random
numbers, the server random numbers, and the pre-master key.
4 ClientFinished: Create hash of messages using the master secret key.
5 ServerFinished: Create hash of messages using the master secret key.
Client verifies the server’s Certificate.
Note: This is where ‘Message Authentication’ of Cipher Suite comes in. Finished
Message will contain the Handshake Messages sent from both the Server and Client.
It’s to verify both client and server have the Same Handshake messages and MAC key.
How does TLS handshake work?
12. • A Cipher Suite includes:
• Protocol: SSLv3, TLSv1, TLSv1.1, TLSv1.2, etc.
• Key Exchange: RSA, DH, DHE, ECDH, ECDHE, etc.
• Authentications: RSA, DSS, ECDSA, ANON, etc.
• Encryption: 3DES, AES, AES128, etc.
• Block Cipher Operation Mode: CBC, GCM, etc.
• Message Authentication: SHA, SHA256, SHA384, MD5, etc.
How does TLS handshake work?
13. Client Server
1 ClientHello: Available Cipher Suites, random numbers, etc.
2 ServerHello: Selected Cipher Suite, Certificate, random numbers, etc.
3 Send a pre-master key encrypted with the certificate’s public key.
Client and Server compute the master secret key with the client random
numbers, the server random numbers, and the pre-master key.
4 ClientFinish: Create hash of messages using the master secret key.
5 ServerFinish: Create hash of messages using the master secret key.
The master secret key will be used as symmetric key to encrypt the data.
Client verifies the server’s Certificate.
How does TLS handshake work?
15. • TLS Certificate is simply a text file
• We can make it our own certificate that says “We are
Google”
• A Browser will trust us:
• If It’s on a list of certificates the browser trusts.
• If it’s able to prove that it’s trusted by one of the
certificates that the browser trusts.
This is where ‘Digital Signature’ comes in.
How does TLS certificate work?
16. • Digital Signature
• TLS Certificates have an associated public/private key
pair.
• A certificate can be “signed” by another authority.
• All root CA certificates are “self-signed”.
• This puts an enormous burden on all browser and
OS publishers to trust only clean root CAs.
How does TLS certificate work?
18. • Man In The Middle Attacks (MITM)
• IP Spoofing, ARP Spoofing, DNS Spoofing
• Blocking HTTPS by the government of South Korea
• No, it was DNS blocking
Real-world Examples