How does SSL/TLS work?
SSL/TLS provides authentication when a user attempts to access a secure Web server. SSL/TLS consists of four operations:
• Handshake and cipher suite negotiation. Client and server contact each other and choose a common cipher suite. The suite includes a method for exchanging the shared secret key, a method for encrypting data, and a Message Authentication Code (MAC) specifying how application data will be hashed and signed to prove integrity.
• User identity authentication. The server always authenticates its identity to the client. Whether the client also needs to authenticate to the server depends on the application. The exact authentication method (primarily, which digital certificate format will be used) depends on the negotiated cipher suite.
• Key exchange. After choosing a cipher suite, the client and server exchange a key, or the precursors from which to derive a key, that they will use for encrypting data (again, depending on the negotiated cipher suite's requirements).
• Application data exchange. The client application and the server application communicate with each other. All data is encrypted using the negotiated bulk encryption method.
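The first operation, cipher suite negotiation, is where a server's configuration decides which ciphers can ever be used. The following script is an added example and not part of the original page: it parses the ClientHello record the client sends to open the handshake (record header, handshake header, client version, random, session ID, offered cipher suites, compression methods and the server_name extension), then runs the server-side choice of a common suite in server preference order and reports legacy suites the client offered. The ClientHello bytes are constructed locally by build_client_hello(), and SERVER_PREFERENCE and LEGACY_SUITES are assumed lists for the demonstration; the cipher suite codes are the IANA-registered values.

```python
import struct

# Subset of IANA cipher-suite codes, enough for the demonstration.
SUITE_NAMES = {
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0x1303: "TLS_CHACHA20_POLY1305_SHA256",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
}
# Assumed server preference order: the server picks the first suite here that
# the client also offered. Suites absent from the list are never selected.
SERVER_PREFERENCE = [0x1302, 0x1303, 0x1301, 0xC030, 0xC02F, 0xC02B]
# Assumed set of legacy suites worth logging when a client offers them.
LEGACY_SUITES = {0x0005, 0x000A, 0x002F}


def build_client_hello(suites, sni, session_id=b""):
    """Construct a TLS 1.2-style ClientHello record (sample input only)."""
    client_random = b"\x11" * 32          # constructed; real clients use CSPRNG output
    body = b"\x03\x03" + client_random    # client_version 0x0303 (TLS 1.2)
    body += bytes([len(session_id)]) + session_id
    suite_bytes = b"".join(struct.pack("!H", s) for s in suites)
    body += struct.pack("!H", len(suite_bytes)) + suite_bytes
    body += b"\x01\x00"                   # one compression method: null
    host = sni.encode("ascii")
    name_entry = b"\x00" + struct.pack("!H", len(host)) + host  # name_type 0 = host_name
    sni_data = struct.pack("!H", len(name_entry)) + name_entry
    ext = struct.pack("!HH", 0x0000, len(sni_data)) + sni_data  # extension 0 = server_name
    body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # record type 0x16


def _take(buf, pos, n):
    """Return buf[pos:pos+n] and the new offset, refusing truncated input."""
    if pos + n > len(buf):
        raise ValueError("truncated ClientHello")
    return buf[pos:pos + n], pos + n


def parse_client_hello(record):
    """Return the fields a server needs for negotiation: version, suites, SNI."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs, _ = _take(record, 5, rec_len)
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body, _ = _take(hs, 4, int.from_bytes(hs[1:4], "big"))
    raw, pos = _take(body, 0, 2)
    version = struct.unpack("!H", raw)[0]
    client_random, pos = _take(body, pos, 32)
    raw, pos = _take(body, pos, 1)
    session_id, pos = _take(body, pos, raw[0])
    raw, pos = _take(body, pos, 2)
    cs_len = struct.unpack("!H", raw)[0]
    if cs_len % 2:
        raise ValueError("odd cipher_suites length")
    raw, pos = _take(body, pos, cs_len)
    suites = [struct.unpack("!H", raw[i:i + 2])[0] for i in range(0, cs_len, 2)]
    raw, pos = _take(body, pos, 1)
    compression, pos = _take(body, pos, raw[0])
    sni = None
    if pos < len(body):                   # extensions block is optional
        raw, pos = _take(body, pos, 2)
        exts, pos = _take(body, pos, struct.unpack("!H", raw)[0])
        epos = 0
        while epos < len(exts):
            raw, epos = _take(exts, epos, 4)
            etype, elen = struct.unpack("!HH", raw)
            edata, epos = _take(exts, epos, elen)
            if etype == 0x0000 and len(edata) >= 5 and edata[2] == 0:  # host_name entry
                name_len = struct.unpack("!H", edata[3:5])[0]
                sni = edata[5:5 + name_len].decode("ascii")
    return {"version": version, "client_random": client_random,
            "session_id": session_id, "cipher_suites": suites,
            "compression": list(compression), "sni": sni}


def negotiate(offered, preference=SERVER_PREFERENCE):
    """Server-side choice: first preferred suite the client offered, else None."""
    offered_set = set(offered)
    for suite in preference:
        if suite in offered_set:
            return suite
    return None  # no common suite: the handshake fails with an alert


def legacy_offers(offered):
    """Names of legacy suites the client offered, for logging or alerting."""
    return [SUITE_NAMES.get(s, hex(s)) for s in offered if s in LEGACY_SUITES]


if __name__ == "__main__":
    hello = build_client_hello([0x0005, 0xC02F, 0x1301, 0x000A], "example.test")
    fields = parse_client_hello(hello)
    chosen = negotiate(fields["cipher_suites"])
    print("SNI:", fields["sni"])
    print("offered:", [SUITE_NAMES.get(s, hex(s)) for s in fields["cipher_suites"]])
    print("selected:", SUITE_NAMES[chosen])
    print("legacy offers:", legacy_offers(fields["cipher_suites"]))
```

Two design points carry over to real servers: selection follows the server's preference list rather than the client's order, so a client that lists a legacy suite first still gets an AEAD suite, and a client whose offer overlaps with nothing in that list gets no suite at all, which is the safe failure. Every length field is checked before slicing, because a handshake parser sees attacker-controlled bytes before any authentication has happened.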