Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Browser steps when opening HTTPS page

Tags:

https

ssl

I want to know steps that browser does when it opens HTTPS page to deeply understand every action that needs to be done by both parties(server and client). I know basic steps that it does but I want to get more into details. Links in Google that I have found describe general information but not the details.

Is there any source where I can read related info.

I've been thinking about looking into sources of Mozilla Firefox, but decided to ask here before.

Thank you.

like image 519
nomail Avatar asked May 15 '12 21:05

nomail

1 Answers

HTTPS is defined in RFC 2818. In short, the browser first establishes an SSL/TLS connection to the server and then sends HTTP requests/responses within this connection.

To establish the SSL/TLS channel, the client initiates a handshake, during which the server send its X.509 certificate. Besides the SSL/TLS handshake mechanisms, the browser verifies the certificate against a list of trust anchors it has (the trusted certificates) and against the name it's trying to access (the host name in the URL must match the certificate, as defined in RFC 2818 Section 3.1). Most of this is usually implemented within the SSL/TLS stacks, but some browsers can let you bypass this by adding exceptions (sometimes, permanent exceptions), so browsers also have a fallback mechanism in case the SSL/TLS stack fails to accept the certificate successfully.

The SSL/TLS protocol (and its handshake) are defined in the SSLv3, TLS 1.0, 1.1 and 1.2.

Using the server public key in the server certificate, the client and server is able to perform an authenticated key exchange, after which they have a pre master secret in common. The master secret and then the shared symmetric keys used for encrypting the application data are derived from this pre master secret.

The mechanisms used for this authenticated key exchange depend on the cipher suite. There are more details in the TLS specification itself.

If you want to learn by example, it's worth looking at the Wireshark sample data (as shown in this answer).

"The First Few Milliseconds of an HTTPS Connection" should also be of interest.

like image 176
Bruno Avatar answered Oct 02 '22 17:10

Bruno
Sign in to Comment

Related questions

Failed to find any PEM data in key
Spring Boot over HTTPS and SSL certificate on AWS
SSL UNSUPPORTED_PROTOCOL Python 3 in Docker
Set and verify SSL/TLS version used in Python MySQL connection
Error 525 with Cloudflare and Google Cloud Run
How to make a TLS connection using python?
SSL Client Authentication with certificate using c#
How to gain SSL load balancing?
IE: Choose a digital certificate from a blank, empty list
Windows certificate store
How to send\recive SslStream from TCP server in C#?
MySQL connection using ODBC (5.1) with SSL
What Defines Cipher Grades?
Unlimited Domains, Subdomains Certs with startssl.com?
Only secure content is displayed
HTTPS node app on Cloud Foundry
Create self signed SSL certificates in Python
SSL with javamail not working
Using filters to redirect from HTTPS to HTTP
What's means of Self-Signed Certificate in OpenSSL

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!