8. Key Exchange
ClientHello
The TLS handshake begins with the client sending a
ClientHello message to the server. This message
contains the following fields:
• cipher_suites
• extensions, including:
  • supported_versions
  • status_request
  • supported_groups
  • key_share
    • group
    • key_exchange
  • pre_shared_key
ServerHello
The server responds to the client’s ClientHello
message with a ServerHello message if it’s able to
negotiate an acceptable set of handshake
parameters. This message contains the following
fields:
• cipher_suite
• extensions, including:
  • supported_versions
  • key_share
  • pre_shared_key
The server sends other extensions separately in the
EncryptedExtensions message.
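To make the ClientHello layout above concrete, here is an added example (not code from the original page or from any TLS library) that encodes a TLS 1.3 ClientHello handshake message with the fields listed, supported_versions, status_request, supported_groups and key_share (group + key_exchange), and parses it back with length checks. The wire format follows RFC 8446 section 4.1.2; the key_exchange bytes in the usage block are random placeholder bytes standing in for a real X25519 public key, and the `build_client_hello`/`parse_client_hello` names are this example's own.

```python
import os
import struct

# Extension type codes and identifiers from RFC 8446 / the IANA TLS registries
EXT_STATUS_REQUEST = 5
EXT_SUPPORTED_GROUPS = 10
EXT_SUPPORTED_VERSIONS = 43
EXT_KEY_SHARE = 51
TLS13 = 0x0304
X25519 = 0x001D
SECP256R1 = 0x0017
TLS_AES_128_GCM_SHA256 = 0x1301
TLS_AES_256_GCM_SHA384 = 0x1302


def _vec(data: bytes, len_bytes: int) -> bytes:
    """Encode a length-prefixed vector (the RFC's <a..b> notation)."""
    return len(data).to_bytes(len_bytes, "big") + data


def _u16_list(values) -> bytes:
    return b"".join(struct.pack("!H", v) for v in values)


def _ext(ext_type: int, body: bytes) -> bytes:
    """Encode one Extension: type (2 bytes), length (2 bytes), data."""
    return struct.pack("!HH", ext_type, len(body)) + body


def build_client_hello(cipher_suites, groups, key_shares, random=None) -> bytes:
    """Return a Handshake message of type client_hello (1) carrying the
    cipher_suites list plus the supported_versions, status_request,
    supported_groups and key_share extensions."""
    random = os.urandom(32) if random is None else random
    body = struct.pack("!H", 0x0303) + random       # legacy_version + random
    body += _vec(b"", 1)                            # legacy_session_id (empty in 1.3)
    body += _vec(_u16_list(cipher_suites), 2)       # cipher_suites<2..2^16-2>
    body += _vec(b"\x00", 1)                        # legacy_compression_methods: null only
    exts = _ext(EXT_SUPPORTED_VERSIONS, _vec(_u16_list([TLS13]), 1))
    # status_request: status_type = ocsp(1), empty responder_id_list and request_extensions
    exts += _ext(EXT_STATUS_REQUEST, b"\x01" + _vec(b"", 2) + _vec(b"", 2))
    exts += _ext(EXT_SUPPORTED_GROUPS, _vec(_u16_list(groups), 2))
    # key_share: one KeyShareEntry (group, key_exchange<1..2^16-1>) per offered group
    shares = b"".join(struct.pack("!H", g) + _vec(ke, 2) for g, ke in key_shares)
    exts += _ext(EXT_KEY_SHARE, _vec(shares, 2))
    body += _vec(exts, 2)
    return b"\x01" + len(body).to_bytes(3, "big") + body


def _parse_body(body: bytes) -> dict:
    pos = 0
    legacy_version, = struct.unpack_from("!H", body, pos); pos += 2
    random = body[pos:pos + 32]; pos += 32
    if len(random) != 32:
        raise ValueError("short random")
    pos += 1 + body[pos]                            # skip legacy_session_id
    cs_len, = struct.unpack_from("!H", body, pos); pos += 2
    cipher_suites = [v for (v,) in struct.iter_unpack("!H", body[pos:pos + cs_len])]
    pos += cs_len
    pos += 1 + body[pos]                            # skip legacy_compression_methods
    ext_len, = struct.unpack_from("!H", body, pos); pos += 2
    end = pos + ext_len
    if end != len(body):
        raise ValueError("extensions length does not match body")
    out = {"legacy_version": legacy_version, "random": random,
           "cipher_suites": cipher_suites, "extensions": []}
    while pos < end:
        etype, elen = struct.unpack_from("!HH", body, pos); pos += 4
        data = body[pos:pos + elen]; pos += elen
        if len(data) != elen:
            raise ValueError("truncated extension")
        out["extensions"].append(etype)
        if etype == EXT_SUPPORTED_VERSIONS:         # 1-byte length prefix, 2 bytes per version
            out["supported_versions"] = [v for (v,) in struct.iter_unpack("!H", data[1:1 + data[0]])]
        elif etype == EXT_SUPPORTED_GROUPS:         # 2-byte length prefix, 2 bytes per group
            n, = struct.unpack_from("!H", data, 0)
            out["supported_groups"] = [v for (v,) in struct.iter_unpack("!H", data[2:2 + n])]
        elif etype == EXT_KEY_SHARE:
            n, = struct.unpack_from("!H", data, 0)
            p, shares = 2, []
            while p < 2 + n:
                group, ke_len = struct.unpack_from("!HH", data, p); p += 4
                shares.append((group, data[p:p + ke_len])); p += ke_len
            out["key_share"] = shares
        elif etype == EXT_STATUS_REQUEST:
            out["status_request"] = data[0]         # 1 = ocsp
    return out


def parse_client_hello(msg: bytes) -> dict:
    """Decode a client_hello handshake message; raises ValueError on malformed input."""
    if len(msg) < 4 or msg[0] != 1:
        raise ValueError("not a client_hello handshake message")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated handshake body")
    try:
        return _parse_body(body)
    except (struct.error, IndexError) as exc:
        raise ValueError("malformed ClientHello") from exc


if __name__ == "__main__":
    # Constructed sample: the key_exchange value is a random placeholder, not a real X25519 public key.
    msg = build_client_hello([TLS_AES_128_GCM_SHA256], [X25519], [(X25519, os.urandom(32))])
    print(parse_client_hello(msg))
```

The parser deliberately rejects a message whose declared lengths disagree with the bytes actually present, which is the first check any handshake decoder should make before looking at individual extensions.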
9. Server Parameters
After the server sends a ServerHello message to the client, it sends two messages to establish
server parameters: EncryptedExtensions and CertificateRequest:
• EncryptedExtensions: This message contains responses to ClientHello extensions that are not
required to determine cryptographic parameters other than those that are specific to
individual certificates.
• CertificateRequest: If certificate-based client authentication is desired, then this message is
sent. It contains parameters for a certificate requested from the client. It includes the
following fields:
  • certificate_request_context
  • extensions, including:
    • signature_algorithms
    • signature_algorithms_cert
    • certificate_authorities
    • supported_groups
10. Authentication
Certificate
• This message contains the authentication certificate and any other
supporting certificates in the certificate chain.
• The server must send this message if the key exchange method uses
certificates for authentication.
• The client must send this if and only if the server requested client
authentication through a CertificateRequest message. The certificate
message includes the following fields:
  • certificate_list
  • extensions: Extensions that the Certificate message may contain
    include the following:
    • status_request
    • signed_certificate_timestamp
CertificateVerify
• This message contains a signature over the
entire handshake using the private key
corresponding to the public key in the
Certificate message.
• It provides proof that the client or the server
has the private key corresponding to its
certificate. This message includes the following
fields:
  • algorithm
  • signature
Finished
• This message contains a Message Authentication Code (MAC) over the entire handshake. Once the client and
server have verified the Finished messages that they have received from their peers, both sides may send and
receive application data over the connection.
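The Finished message's "MAC over the entire handshake" is computed as verify_data = HMAC(finished_key, Transcript-Hash(handshake messages)), with finished_key derived from the relevant traffic secret by HKDF-Expand-Label (RFC 8446 section 4.4.4). The following is an added example, not code from the original page or from any TLS implementation, that carries that computation through with the standard library only. The base key and the handshake messages in the usage block are constructed placeholders: in a real connection the base key comes from the key schedule and the transcript from the actual ClientHello through CertificateVerify bytes.

```python
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes, hash_name: str = "sha256") -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC-Hash(salt, IKM)."""
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC(PRK, T(i-1) || info || i), concatenated."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        out += block
        counter += 1
    return out[:length]


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int,
                      hash_name: str = "sha256") -> bytes:
    """HKDF-Expand-Label (RFC 8446 section 7.1). The info is the HkdfLabel struct:
    uint16 length, opaque label<7..255> = "tls13 " + Label, opaque context<0..255>."""
    full_label = b"tls13 " + label
    hkdf_label = (length.to_bytes(2, "big")
                  + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    return hkdf_expand(secret, hkdf_label, length, hash_name)


def transcript_hash(handshake_messages, hash_name: str = "sha256") -> bytes:
    """Transcript-Hash: hash over the concatenation of the handshake messages so far."""
    h = hashlib.new(hash_name)
    for m in handshake_messages:
        h.update(m)
    return h.digest()


def finished_verify_data(base_key: bytes, handshake_messages, hash_name: str = "sha256") -> bytes:
    """finished_key = HKDF-Expand-Label(BaseKey, "finished", "", Hash.length)
    verify_data  = HMAC(finished_key, Transcript-Hash(Handshake Context))"""
    digest_len = hashlib.new(hash_name).digest_size
    finished_key = hkdf_expand_label(base_key, b"finished", b"", digest_len, hash_name)
    return hmac.new(finished_key, transcript_hash(handshake_messages, hash_name), hash_name).digest()


def verify_finished(base_key: bytes, handshake_messages, received_verify_data: bytes,
                    hash_name: str = "sha256") -> bool:
    """Recompute verify_data from our own view of the transcript and compare in constant time.
    A mismatch means the peer saw a different handshake (or holds a different key)."""
    expected = finished_verify_data(base_key, handshake_messages, hash_name)
    return hmac.compare_digest(expected, received_verify_data)


if __name__ == "__main__":
    # Constructed placeholders, not values from a real key schedule or handshake.
    base_key = b"\x01" * 32
    transcript = [b"\x01 constructed ClientHello bytes", b"\x02 constructed ServerHello bytes"]
    vd = finished_verify_data(base_key, transcript)
    print("verify_data:", vd.hex())
    print("peer with same transcript accepted:", verify_finished(base_key, transcript, vd))
    print("altered transcript accepted:", verify_finished(base_key, transcript + [b"x"], vd))
```

Because every handshake message feeds the transcript hash, any modification of the exchanged messages, including the ClientHello's offered parameters, changes verify_data and makes the peer's Finished fail verification.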
11. Post-Handshake Messages
The client and server can send other messages after the handshake: new session ticket message, post-handshake
authentication, and key update.
New Session Ticket Message
• The NewSessionTicket message, sent by the server after it receives the Finished message, contains a
pre-shared key that the client then may use for future handshakes.
Post-Handshake Authentication
• If the client sent the post_handshake_auth extension, the server may request client authentication at any time
after the handshake by sending a CertificateRequest message. If the client authenticates, then it must send
Certificate, CertificateVerify, and Finished messages. If the client declines, then it must send a Certificate
message that contains no certificates and the Finished message.
KeyUpdate Message
• The KeyUpdate handshake message is used to indicate that the sender is updating its sending cryptographic
keys. It replaces the ChangeCipherSpec message in TLS 1.2.
• You can specify a limit on the amount of data an algorithm may encrypt with a specific set of keys with the
jdk.tls.keyLimits Security Property. See "Limiting the amount of data that algorithms can encrypt with a set of
keys".
12. Session resumption with a pre-shared key
[Figure: TLS 1.3 handshake that establishes a PSK]
[Figure: TLS 1.3 handshake that uses a PSK]
13. Online Certificate Status Protocol
• OCSP is used to determine X.509 certificate revocation status during the Transport Layer
Security (TLS) handshake. Revocation can be checked in the following ways:
• Certificate Revocation List (CRL)
• Client Driven OCSP
• OCSP Stapling