An overview of the SSL handshake
This section provides a summary of the steps that enable the SSL client
and SSL server to:
- Agree on the version of the SSL protocol to use.
- Select cryptographic algorithms, which are described in CipherSuites and CipherSpecs.
- Authenticate each other by exchanging and validating digital certificates.
For more information, refer to Digital certificates.
- Use asymmetric encryption techniques to generate a shared secret key,
which avoids the key distribution problem. SSL subsequently uses the shared
key for the symmetric encryption of messages, which is faster than asymmetric
encryption.
This section does not attempt to provide full details of the messages exchanged
during the SSL handshake. In overview, the steps involved in the SSL handshake
are as follows:
- The SSL client sends a "client hello" message that lists cryptographic
information such as the SSL version and, in the client's order of preference,
the CipherSuites supported by the client. The message also contains a random
byte string that is used in subsequent computations. The SSL protocol allows
for the "client hello" to include the data compression methods supported
by the client, but current SSL implementations do not usually include this
provision.
- The SSL server responds with a "server hello" message that contains
the CipherSuite chosen by the server from the list provided by the SSL client,
the session ID and another random byte string. The SSL server also sends its
digital certificate. If the server requires a digital certificate for client
authentication, the server sends a "client certificate request" that
includes a list of the types of certificates supported and the Distinguished
Names of acceptable Certification Authorities (CAs).
- The SSL client verifies the digital signature on the SSL server's digital
certificate and checks that the CipherSuite chosen by the server is acceptable.
- The SSL client sends the random byte string that enables both the client
and the server to compute the secret key to be used for encrypting subsequent
message data. The random byte string itself is encrypted with the server's
public key.
-
If the SSL server sent a "client certificate request", the SSL client sends a random byte string encrypted with the client's
private key, together with the client's digital certificate, or a "no digital
certificate alert". This alert is only a warning, but with some implementations
the handshake fails if client authentication is mandatory.
- The SSL server verifies the signature on the client certificate.
-
The SSL client sends the SSL server a "finished" message, which is encrypted with the secret key, indicating that the
client part of the handshake is complete.
-
The SSL server sends the SSL client a "finished" message, which is encrypted with the secret key, indicating that the
server part of the handshake is complete.
- For the duration of the SSL session, the SSL server and SSL client can
now exchange messages that are symmetrically encrypted with the shared secret
key.
Figure 7 illustrates the SSL handshake.