Walk Through of an SSL Session

Peter Robinson

April 1999

How does SSL Work?

• By establishing a secure Web session.

Clicking on a secure Web site sends a “Client Hello” message to the Web server.

Web Server

Initiating a Secure Web Session

Hello, let’s set up a Web session.

A secure Web site begins with: https://

Web Server

The “Server Hello” includes its public key certificate and a signed blob of information which the Browser uses to verify that the server actually owns the associated private key.

The Server Response Message

Server

Server’s public key

Server Authentication

The server’s public key certificate is checked by the browser.

Server

Server’s public key

AT&T

GTE

ABC Co.

Verisign

Today is:

April 14, 1999

ABC Company

From: July 31, 1996To: Dec 31, 2003

A symmetric key is generated and copied to a message.

The symmetric key is encrypted with the Web server’s public key.

Generation of the Symmetric Key

Symmetric key

Server’s public key

The browser sends the encrypted symmetric key to the Web server so that they will each have a copy.

Web Server

Sending the Symmetric Key

The Web server uses its private key to decrypt the symmetric key.

Web Server

Server private key

Decrypting the Symmetric Key

Web Server

The SSL handshake is complete. A secure session is established and information can now

be securely passed back and forth between the browser and Web server.

SSL

Completion of the Handshake