SSL Connection - How It Is Established? - Cheap SSL Certificates at Discounted Prices

What is an SSL?

In 1995 Netscape introduced an SSL certificate for the first time. SSL means “Secure Sockets Layer”, and it is an internet security protocol which is encryption-based. The purpose of incorporating it is to guarantee online privacy and security. Therefore, most of the website uses an SSL certificate to secure their website and users also trust only those websites that are secured with an SSL certificate. This discussion aside, it is important to understand for students of this field, how an SSL connection is established. Seeing its importance, we are going to discuss some details about it here.

SSL Connection- Basic Steps to Establish it

There is a chain reaction to establish an SSL connection. We can divide this process into four key steps.

The server receives a request from the user for a secure connection. In response, the user receives a digital certificate from the server.
In the next step, verifies the server from an authentic list of the certificate authorities.
After verification, the user generates an arbitrary symmetric key. After this, he need to encrypt the arbitrary symmetric key with the help of server’s public key.
Now, the symmetric key is public for both (user and server). The symmetric key enables them to encode and decode the data available in the user’s request and the server’s response to it using the SSL encoding procedure.

This whole process is called an SSL handshake. Let’s discuss this process in detail.

SSL Handshake

While searching an HTTPS URL in a browser, we came to know about an SSL handshake. The website and the browser create an HTTPS connection with the help of an SSL handshake. This process is a one-way process. The essential purpose of using an SSL handshake is to secure the data of the user. Here, an SSL handshake ensures the privacy of the user and keeps the user’s data secure from hackers. Therefore, for establishing a secure SSL connection, the user and the server need to correspond with sensitive information.

There are two types of SSL handshakes.

One-way SSL

In this type of SSL handshake, while establishing an SSL connection only the user verifies the server but the server does not verify the user.

Two-way SSL (Mutual SSL)

In a two-way SSL (Mutual SSL), the server verifies the user, and the user verifies the server using the list of authentic certificate authorities. When any server requires to communicate with any other server, it utilizes the two-way SSL also known as Mutual SSL to verify each other.

Steps for an SSL handshake

There are some rules to follow during an SSL handshake, and we will discuss these rules briefly.

Client Hello

It is the first step in SSL handshake where the user sends the needed data to a server to create an SSL connection. Through this, the user informs the server about its supported versions. Then, the server chooses the cipher that supports it. The servers will ignore the ciphers if they are not compatible with them and after ignoring those ciphers, the server will inform the user by sending a failure warning and terminates the communication.

Server Hello

In response to the Client Hello, the server will use the selected configuration and data collected from Client Hello and go ahead with the SSL handshake. During Server Hello, the server will select the lowest supported TLS version by the user and the highest supported TLS version by it (server). The server then sends back the cipher after choosing out of the available ciphers of the user.

Besides the Server Hello, the server sends the server’s certificate along with the certificate chain. This certificate chain is verified by comparing it with Geotrust SSL certificate in the trust store of the client.

Server Key Exchange Message

In this step, the server sends the key exchange information or message to the user. This message includes all the required information for the user to create the pre-master secret. If you are using the RSA key exchange method or any other method similar to RSA, the server will not send the key exchange message. It occurs as RSA key exchange method does not require to use any data from the server to create the pre-master secret.

Certificate Request

The next step in the SSL handshake process to establish an SSL connection is Certificate Request. However, this step is not required in the one-way SSL handshake. In this step, the server will send a certificate request on behalf of the user with certificate signature methods, certificate authorities, and certificate type that the server supports. The user then needs to send the client certificate. After this process, the user will receive the Server Hello Done message showing the completion of Server Hello. After it, the server waits for the user’s reply.

In some cases, the certificate authorities list will be empty. Here, only the user can decide to either send the client certificate or not.

Client Certificate

After the certificate request, the user will give his certificate list to the servers. Therefore, the certificate must be suitable for the settled cipher’s key exchange method or relevant expansions.

Client Key Exchange Message

The user requires to send client key exchange message after sharing the user certificate message. When it comes to one-way SSL handshake, the user need to send a message after getting the message of Hello Done from the Server. However, in an HTTPS connection, the data exchanged between a server and the user will be encoded. A server uses Symmetric encoding for encoding due to its low computational cost as compared to Asymmetric encoding. We use a mutual key between a server and the user to perform symmetric encoding. This message is for generating a mutual key between a server and the user with complete privacy.

In case you are utilizing the RSA as a key exchange method, the customer need to create a 48-byte pre-master secret. Here, the user need to encode the pre-master secret with the help of public key and share it back to the server. The server will use the relevant private key to decode pre-master secret of that user.

The Final Words

After completion of the authentication process and generation of pre-master secrets, both the user and the server will receive the “change cipher spec message” specifying that the encryption of the communication has taken place between them. After the change cipher spec message, both will receive the Finished message. This message is the first encrypted message with the settled algorithms. However, the application data is exchanged only after both sides send this finished message and confirming the content of this message.

Symantec SSL Certificates

cheapest price: $241.00 VIEW ALL

RapidSSL Certificates

cheapest price: $17.00 VIEW ALL

Thawte SSL Certificates

cheapest price: $35.00 VIEW ALL

Comodo SSL Certificates

cheapest price: $9.00 VIEW ALL

GeoTrust SSL Certificates

cheapest price: $40.00 VIEW ALL

Sectigo's SSL Certificates

cheapest price: $15.50 VIEW ALL

Single Domain SSL

for single domain validation

cheapest price: $9.00 VIEW ALL

Wildcard SSL Certificates

for multiple sub-domains security

cheapest price: $40.00 VIEW ALL

EV SSL Certificates

for green bar & extended security

cheapest price: $70.00 VIEW ALL

Multi Domain SAN SSL

for multiple domains security

cheapest price: $45.00 VIEW ALL

Exchange Server (UCC)

for microsoft exchange servers

cheapest price: $45.00 VIEW ALL

Code Signing Certificates

for digital sign of applications

cheapest price: $80.00 VIEW ALL

Multi Domain Wildcard SSL

for multiple domains + subdomains

cheapest price: $145.35 VIEW ALL

Organization Validation

for SMBs to maximize web trust

cheapest price: $52.50 VIEW ALL