概述
An HTTPS connection involves two parties: the client (the one who is initiating the connection, usually your web browser), and the server. These two parties are the ones that ‘shake hands.’ The purpose of the SSL/TLS handshake is to perform all the cryptographic work needed to have a secure connection. This includes authenticating the SSL certificate being used, and generating an encryption key.
the TLS handshake accomplishes 3 main things:
- Exchanging cipher suites and parameters
- Authenticating one or both parties
- Creating/Exchanging symmetric session keys
Why need it
How it work
Negotiating Cipher Suites
Authentication
Key Exchange
The last part of the TLS handshake involves creating the “session key,” which is the key that will actually be used for secure communication.
附录
理解ssl-ciphers
我们以ECDHE-ECDSA-AES128-GCM-SHA256来做示例说明,
| 字段名 | 字段说明 |
|---|---|
| ECDHE | Key Exchange: Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) |
| ECDSA | Authentication: Elliptic Curve Digital Signature Algorithm (ECDSA) |
| AES128-GCM | Encryption: Advanced Encryption Standard with 128bit key in Galois/Counter mode (AES 128 GCM) |
| SHA256 | Hash: Secure Hash Algorithm 256 (SHA256) |