When we access a website over HTTPS, a complex process always happens under the hood between the browser and the remote web server to ensure the communication is secure.


There are some concepts involved that we need before we can explain the whole process.

[diagram: ssl-over-https]

  1. Client Hello: the browser sends a random number random1 and a list of encryption algorithms algos it understands to the server over http. Different browsers and browser versions support different sets of encryption algorithms.
  2. Server Hello: the server sends a random number random2 and the encryption algorithm algo it selected from algos to the client over http; from this point the server has determined that client and server will communicate using algo.
  3. Server Certificate: the server sends its certificate to the client over http; the certificate can be verified against a CA to prove it comes from the server.
  4. Server Hello Done: the server sends the Server Hello Done message to the client over http to indicate it has no more information to send.
  5. Client Verification: the client uses the CA certificates in its OS to verify the server's certificate and extracts the public key from the certificate for later use.
  6. Gen pre-master: the client generates a pre-master secret.
  7. Client Key Exchange: the client encrypts the pre-master with the server's public key and sends it to the server; the server decrypts the pre-master with its private key.
  8. Gen secret key: now both client and server know random1 (from the client), random2 (from the server), the pre-master (from the client) and algo (from the server), so both can generate the same symmetric secret key from that information.
  9. Change Cipher Spec: the client sends the ChangeCipherSpec notification to the server and starts the symmetric encryption handshake.
  10. Encrypted Handshake Message: the client sends a handshake message to the server encrypted with algo and the generated secret key.
  11. Change Cipher Spec: the server sends the ChangeCipherSpec notification to the client and starts the symmetric encryption handshake.
  12. Encrypted Handshake Message: the server sends a handshake message to the client encrypted with algo and the generated secret key.
  13. Finish: from now on the client and server can both understand messages encrypted with algo and the generated secret key, so they communicate over an encrypted channel from then on.
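Steps 6 to 8 are where random1, random2 and the pre-master turn into the symmetric key. The following is an added example (not code from the original post) showing how a TLS 1.2 endpoint with an RSA key exchange derives the master secret and the per-direction session keys with the standard PRF built on HMAC-SHA256; the random values and the pre-master are constructed constants so the run is repeatable, and the key sizes assume the TLS_RSA_WITH_AES_128_GCM_SHA256 cipher suite as algo.

```python
import hashlib
import hmac

# Constructed sample values standing in for the handshake fields of steps 1, 2 and 6.
# A real endpoint draws them from a CSPRNG; they are fixed here so the run is repeatable.
CLIENT_RANDOM = bytes(range(32))               # random1: 32 bytes from Client Hello
SERVER_RANDOM = bytes(range(32, 64))           # random2: 32 bytes from Server Hello
PRE_MASTER = b"\x03\x03" + bytes(range(46))    # 48-byte RSA pre-master: version + 46 random bytes


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 P_SHA256 expansion: A(0) = seed, A(i) = HMAC(secret, A(i-1)),
    output = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ..."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed) for SHA-256 suites."""
    return p_sha256(secret, label + seed, length)


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Step 8, part 1: master_secret = PRF(pre_master, "master secret", random1 + random2)[0:48]."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)


def session_keys(pre_master, client_random, server_random, mac_len=0, key_len=16, iv_len=4):
    """Step 8, part 2: expand the master secret into the per-direction keys.
    Defaults fit AES-128-GCM (no MAC key, 16-byte key, 4-byte implicit IV).
    Note the seed order flips to server_random + client_random for key expansion."""
    master = master_secret(pre_master, client_random, server_random)
    need = 2 * (mac_len + key_len + iv_len)
    block = prf(master, b"key expansion", server_random + client_random, need)
    names = ["client_write_mac", "server_write_mac", "client_write_key",
             "server_write_key", "client_write_iv", "server_write_iv"]
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    keys, pos = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = block[pos:pos + size]
        pos += size
    return keys


if __name__ == "__main__":
    # Both ends hold random1, random2 and the pre-master, so each derives the same table.
    for name, value in session_keys(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM).items():
        print(f"{name:17s} {value.hex()}")
```

Because every input except the pre-master travels in the clear, the whole key derivation rests on the pre-master staying secret, which is why the client encrypts it with the server's public key in step 7.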