Ever wondered what really happens behind the lock icon in your browser? I was curious about HTTPS, so I broke it down in simple terms.
HTTPS = HTTP + TLS
TLS stands for Transport Layer Security, which ensures:
Encryption – Data is unreadable to outsiders.
Authentication – You’re talking to the correct server (not a fake one).
Integrity – Data isn’t altered during transmission.
After the classic three-way TCP handshake, a TLS handshake takes place to secure the communication between the client and the server.
This is how the TLS handshake works:
1) ClientHello:
The client (browser) sends some information to the server that contains things like the TLS version and the encryption algorithms (cipher suites) it supports.
2) ServerHello:
The server replies with the TLS version and the cipher suite it has chosen from the client's list, along with a certificate that contains the server's public key, its identity (domain name), and the signature of a certificate authority (to prove the certificate is not fake).
3) Certificate Verification:
The client checks the server's certificate and verifies that it was issued by a trusted authority, is valid for this domain, and has not expired.
4) Key Exchange:
This is the most important step. Here, both sides agree on a shared session key, which is used for encrypting all further communication.
Typically, a method such as Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) is used to generate this key securely over the network. The client uses the server's public key (from its certificate) to send key information securely, so that only the server can decrypt it (because only the server holds the private key). Both the client and the server then derive the same symmetric session key independently.
From this point onward, all communication is encrypted with fast symmetric encryption (like AES) using this session key.
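To make the key-exchange step concrete, here is an added example that is not part of the original post: a pure-Python X25519 Diffie-Hellman exchange (the RFC 7748 Montgomery ladder, standard library only) followed by an HKDF-SHA256 derivation (RFC 5869) of the session key and an HMAC integrity check over a record. One caveat a practitioner should keep in mind: with an ephemeral exchange such as ECDHE, the certificate's key is used to sign the server's key share so the client knows it came from the authenticated server, not to encrypt a secret, so both sides below derive the secret from their own private scalar and the peer's public share; the signature over the share and the AES record encryption are noted in comments rather than implemented. The function names (`x25519`, `hkdf`, `handshake`, `protect`, `verify`) and the `transcript` parameter are this example's own; the test vectors are the public ones from RFC 7748 section 6.1.

```python
# Added example (not the original post's code): X25519 key agreement + HKDF +
# HMAC integrity check, standing in for the TLS "Key Exchange" step.
import hashlib
import hmac
import os

P = 2**255 - 19                          # Curve25519 field prime
A24 = 121665                             # (486662 - 2) / 4, Montgomery ladder constant
BASEPOINT = (9).to_bytes(32, "little")   # generator u-coordinate, as sent on the wire

# Public test vectors from RFC 7748, section 6.1 (real, not constructed here).
RFC7748_ALICE_PRIV = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
RFC7748_ALICE_PUB = bytes.fromhex("8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a")
RFC7748_BOB_PRIV = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")
RFC7748_BOB_PUB = bytes.fromhex("de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f")
RFC7748_SHARED = bytes.fromhex("4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742")


def _clamp(k: bytes) -> int:
    """Decode a 32-byte private scalar as RFC 7748 requires."""
    k = bytearray(k)
    k[0] &= 248          # clear the low 3 bits (cofactor clearing)
    k[31] &= 127         # clear bit 255
    k[31] |= 64          # set bit 254 so the ladder runs a fixed length
    return int.from_bytes(k, "little")


def _cswap(swap: int, a: int, b: int):
    """Branch-free conditional swap, as in the RFC (mask is all-ones when swap == 1)."""
    dummy = (-swap) & (a ^ b)
    return a ^ dummy, b ^ dummy


def x25519(scalar: bytes, u_bytes: bytes) -> bytes:
    """Scalar multiplication on Curve25519: returns u(scalar * point)."""
    k = _clamp(scalar)
    u = int.from_bytes(u_bytes, "little") & ((1 << 255) - 1)  # ignore the top bit
    x1, x2, z2, x3, z3, swap = u, 1, 0, u, 1, 0
    for t in range(254, -1, -1):                  # Montgomery ladder, one step per bit
        kt = (k >> t) & 1
        swap ^= kt
        x2, x3 = _cswap(swap, x2, x3)
        z2, z3 = _cswap(swap, z2, z3)
        swap = kt
        a = (x2 + z2) % P
        aa = a * a % P
        b = (x2 - z2) % P
        bb = b * b % P
        e = (aa - bb) % P
        c = (x3 + z3) % P
        d = (x3 - z3) % P
        da = d * a % P
        cb = c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * ((da - cb) ** 2) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    x2, x3 = _cswap(swap, x2, x3)
    z2, z3 = _cswap(swap, z2, z3)
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")   # affine u = x/z


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-SHA256 (RFC 5869): extract a PRK from the raw shared secret, then expand."""
    prk = hmac.new(salt or bytes(32), ikm, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def handshake(client_priv: bytes, server_priv: bytes, transcript: bytes):
    """Both sides compute the session key; returns (client_key, server_key)."""
    client_share = x25519(client_priv, BASEPOINT)   # sent in ClientHello
    server_share = x25519(server_priv, BASEPOINT)   # sent in ServerHello; in real TLS the
    #                                                 server signs it with its certificate key
    client_secret = x25519(client_priv, server_share)   # private scalar x peer's share
    server_secret = x25519(server_priv, client_share)
    # The handshake transcript is mixed in so the key is bound to this exact exchange.
    return hkdf(client_secret, b"", transcript), hkdf(server_secret, b"", transcript)


def protect(key: bytes, record: bytes) -> bytes:
    """Append an HMAC tag (integrity). Real TLS would also encrypt, e.g. with AES-GCM."""
    return record + hmac.new(key, record, hashlib.sha256).digest()


def verify(key: bytes, protected: bytes):
    """Return the record if its tag is valid, else None (tampering detected)."""
    record, tag = protected[:-32], protected[-32:]
    expected = hmac.new(key, record, hashlib.sha256).digest()
    return record if hmac.compare_digest(tag, expected) else None


if __name__ == "__main__":
    ck, sk = handshake(os.urandom(32), os.urandom(32), b"constructed transcript")
    print("session keys match:", ck == sk)
    rec = protect(ck, b"GET / HTTP/1.1")
    print("intact record accepted:", verify(sk, rec) is not None)
    print("tampered record rejected:", verify(sk, rec[:-1] + bytes([rec[-1] ^ 1])) is None)
```

Run it directly to see the two sides agree on a key from fresh random scalars; the RFC 7748 constants let you check the ladder against known-good values. The `info` argument to `hkdf` is the place TLS binds the derived keys to the handshake transcript, which is what stops an attacker from splicing key shares from two different connections together.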