2. How does SSL Work?
• By establishing a secure Web session.
3. Initiating a Secure Web Session
[Figure: the browser says “Hello, let’s set up a Web session.” to the Web server]
• Clicking on a secure Web site sends a “Client Hello” message to the Web server.
• The address of a secure Web site begins with: https://
4. The Server Response Message
• The “Server Hello” message includes the server’s public key certificate and a signed blob of information, which the browser uses to verify that the server actually owns the associated private key.
5. Server Authentication
• The server’s public key certificate is checked by the browser.
[Figure: certificate check. Labels: AT&T, ABC Company, GTE, Verisign; ABC Co., From: July 31, 1996, To: Dec 31, 2003; Today is: April 14, 1999]
6. Generation of the Symmetric Key
• A symmetric key is generated and copied to a message.
• The symmetric key is encrypted with the Web server’s public key.
7. Sending the Symmetric Key
• The browser sends the encrypted symmetric key to the Web server so that they will each have a copy.
8. Decrypting the Symmetric Key
• The Web server uses its private key to decrypt the symmetric key.
9. Completion of the Handshake
• The SSL handshake is complete.
• A secure session is established and information can now be securely passed back and forth between the browser and Web server.
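The key exchange of slides 6 to 9, as an added Python example that is not part of the original slides: the browser encrypts a fresh symmetric key to the server's public key, the server recovers it with its private key, and a keyed MAC confirms both sides hold the same key. Assumptions: the key pair is a constructed, insecure textbook-RSA pair built from two small Mersenne primes so the block needs no third-party library, and all function names and the transcript bytes are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed demo key pair: unpadded textbook RSA from two Mersenne primes.
# Far too small for real use; it only makes the message flow runnable.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q                                # public modulus, carried in the certificate
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, never leaves the server


def browser_make_key_message(public_key):
    """Slides 6-7: generate a symmetric key and encrypt it to the server."""
    n, e = public_key
    session_key = secrets.token_bytes(16)
    encrypted = pow(int.from_bytes(session_key, "big"), e, n)
    return session_key, encrypted


def server_recover_key(encrypted, private_key):
    """Slide 8: the server decrypts the symmetric key with its private key."""
    n, d = private_key
    # Keep the low 128 bits so that a wrong private key yields a wrong
    # 16-byte key instead of raising an overflow error.
    return (pow(encrypted, d, n) % 2**128).to_bytes(16, "big")


def finished_tag(session_key, transcript):
    """Slide 9: a MAC that only a holder of the same symmetric key can make."""
    return hmac.new(session_key, transcript, hashlib.sha256).digest()


def run_handshake(server_private_exponent):
    """Run slides 6-9; return True if both sides ended with the same key."""
    transcript = b"client-hello|server-hello"   # constructed stand-in bytes
    browser_key, encrypted = browser_make_key_message((N, E))
    server_key = server_recover_key(encrypted, (N, server_private_exponent))
    server_tag = finished_tag(server_key, transcript)
    # The browser recomputes the tag with its own copy and compares.
    return hmac.compare_digest(server_tag, finished_tag(browser_key, transcript))


if __name__ == "__main__":
    print("real server:", run_handshake(D))        # holds the private key
    print("impostor:   ", run_handshake(D + 2))    # does not hold it
```

A party that presents the certificate without the matching private key recovers a different key, so its tag fails the browser's comparison and the handshake does not complete.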