TLS Handshake - EVERYTHING that happens when you visit an HTTPS website

No video

TLS Handshake - EVERYTHING that happens when you visit an HTTPS website

Рет қаралды 113,859

Күн бұрын

TLS (formerly SSL) is the protocol that makes it safe to do anything on the Internet. It's the protocol that enables that little padlock which gives you the green light to put in your password or bank account number. In order to get the padlock, however, something has to occur between you and the website you are visiting... that something is known as the TLS handshake.
The TLS handshake validates the two endpoints in the conversation, and exchanges the cryptographic material used to create Session keys which will then protect the web browsing session with Encryption, Integrity, and Authentication.
In this video, I'll show you every step of the handshake, what the client knows, what the server knows, and everything they exchange and learn from what is sent across the wire. I'll show you how they create each key involved in securing internet communication.
To be clear, this Handshake also occurs every time you use an SSL VPN as well, and as time goes on, will be used anytime any communication occurs over a computer network.
00:00 - Teaser / Intro
00:40 - TLS Handshake - Background Information
02:25 - Client and Server - the starting point
03:12 - Client Hello - Version, Random Number, Session ID, Ciphers, Extensions
05:16 - Server Hello - Version, Random Number, Session ID, Ciphers, Extensions
07:58 - Server Certificate - Full Certificate Chain
08:38 - Server Hello Done
09:11 - Client Key Exchange - RSA Key Exchange
11:36 - Pre Master Secret, Master Secret, Session Keys
13:56 - SSL/TLS Create TWO secure tunnels
15:53 - PseudoRandom Function (PRF)
17:38 - Do the Client & Server know they have the right keys?
18:22 - Change Cipher Spec (from Client)
18:56 - Client Finished
21:42 - Server Finished & Change Cipher Spec
24:17 - Sharing Protected Application Data
25:04 - Outro & Summary
26:13 - TLS 1.3 Changes Everything... Practical TLS Discount
🔑 More free lessons from the course:
• Practical TLS - Free L...
🔐 More details about the course:
classes.pracne...
🏢 Do you configure or troubleshoot TLS/SSL for work? If so, I'm willing to bet your employer would happily pay for this SSL training. Reach out if you'd like to coordinate an introduction for a bulk license purchase with your company. I'm happy to provide a generous referral bonus =)
💬 Join Practical Networking Discord
/ discord
#ssl #tls #cybersecurity

Пікірлер: 193

@PracticalNetworking Жыл бұрын

👉 *More free lessons:* kzbin.info/aero/PLIFyRwBY_4bTwRX__Zn4-letrtpSj1mzY ✨ *Full course:* pracnet.net/tls 💲 *Coupon Code* for 50% off: youtube50

@dilipbalaiyan6268 Жыл бұрын

I should salute for all your efforts of these videos. It's really helpful for me. You're massive of crispy to the point. I don't know where I can give you kudos for your work.. Thanks a lot.

@PracticalNetworking Жыл бұрын

@@dilipbalaiyan6268 Glad you are getting a lot out of this content. If you're really wanting to help, the best way is to spread the word about this content =). Shares on Twitter/LinkedIn/Reddit are greatly appreciated. Cheers, Dilip.

@dilipbalaiyan6268 Жыл бұрын

@@PracticalNetworking definitely

@PracticalNetworking Жыл бұрын

@@dilipbalaiyan6268 Thank you kindly =)

@cslb38 Жыл бұрын

Its worth every penny, such a small price vs large reward! Great work Ed!

@AliYahyaabadi 7 ай бұрын

I wanted to take a moment to thank you for your incredibly helpful tutorial on TLS/SSL. I'm so grateful that you took the time to create such a detailed and informative resource.

@PracticalNetworking 7 ай бұрын

You're very welcome. If you want more, you might also enjoy the full TLS course as well.

@chiefriver 8 ай бұрын

Thanks for all your quick responses here and on Twitter! Until I buy a class just wanted to say thanks as you are great at fulfilling your mission of bridging the gap between overly technical documentation, RFCs etc and simplified examples that leave us with more questions than answer!!! Keep it going and thanks again!!

@PracticalNetworking 8 ай бұрын

Thanks for the kind words. Glad to help. Thanks for supporting the channel =)

@umairsafdar7444 Жыл бұрын

One of the best and highly detailed explanations of TLS Handshake. Thanks for putting this out for free !!

@PracticalNetworking Жыл бұрын

Thank you for the kind words. You're very welcome, Umair.

@user-up7uj7ky3k 6 ай бұрын

One of the absolute best training videos I've watched in the recent past! The author seems to have an impressive understanding of the audience new to the topic. Pacing of the video is spot-on for me, making the learning experience truly captivating

@ivanshmilyk7614 Ай бұрын

I kept struggling with those 5-6 min long videos on TLS/SSL handshake and was sure I needed to find a longer all-in-one video, and yours is really by far the best explanation here, thank you, I hope KZbin's algorithm will recommend this to more people who search on this topic

@jerrygowen1604 Ай бұрын

THANK YOU!!! so many different videos separate everything and its hard to really understand the whole topic and how it fits together. Thank you for doing what nobody else does

@mikoajszczepaniak5134 4 күн бұрын

The best solid tutorial i have ever watched. Congrats 😅

Ай бұрын

I just wanted to say thank you for your amazing tutorial on TLS/SSL. I really appreciate the time and effort you put into making such a comprehensive and informative guide.

@alirezajalali9265 11 ай бұрын

after all these years in IT , now I fully understand TLS . thank you so much

@scottspa74 Жыл бұрын

As someone lucky enough to have won access to the full TLS course, I have to agree that there is enough detailed content in it to answer any questions a person may have after watching this. Excellent course! Definitely worth the cost! 👍 Really, really looking forward to 1.3 with quic.

@PracticalNetworking Жыл бұрын

Thanks for the kind words, Scott =).

@ankitsharma-ef3cs Жыл бұрын

OMG !! What an explanation Ed. This is the best content for TLS-Handshake and i'm so glad to find. Lots of love from INDIA 💌

@PracticalNetworking Жыл бұрын

Cheers Ankit. Glad you enjoyed it =).

@DG-fs1pq Жыл бұрын

I finally purchased your Practical TLS class last night. Ready!!!

@PracticalNetworking Жыл бұрын

Awesome! Welcome to the course!

@michaelmendoza9824 11 ай бұрын

Simply and ABSOLUTELY fantastic content! I’m sold and now a paid course subscribed student looking forward to consuming ALL the content and putting it to practical use! Kudos! MM

@PracticalNetworking 11 ай бұрын

Glad you enjoyed it, Michael =)

@justsomebody14 9 ай бұрын

This is a gem! Thanks for your free course!

@satishbabugudapati9741 Жыл бұрын

This was beautiful video on internet. Thanks Ed

@PracticalNetworking Жыл бұрын

Glad you enjoyed it, Satishbabu!

@jhde9067 Жыл бұрын

I'm glad I subscribed to the channel after finding the website.

@PracticalNetworking Жыл бұрын

Me too =)

@AbhishekD538 4 ай бұрын

Really appreciate all the work you do! This was very helpful, clear and detailed at the right level of abstraction. Thank you. 🙏

@rudrasalaria3431 Жыл бұрын

As always you clear my doubt aboutTLS 1.2. Thank U Sir. Lots of Love from india. ❤️🇮🇳

@PracticalNetworking Жыл бұрын

You're welcome, Rudra. =)

@jaishankarpatil4554 2 ай бұрын

The best ever TLS Handshake Explained..

@amzathblaiseyehouessi7028 10 ай бұрын

I hit the LIKE button 6 times to give you tha round of applause. You actually deserve it more than me. Thank you!

@PracticalNetworking 9 ай бұрын

Thanks for the kind words and your support =) And the six likes ! ;)

@power8667 10 ай бұрын

The best explanation of the concept on the internet I have seen! Thank you.

@ericschneider2546 7 ай бұрын

OMG! Thank you so much!!! This was EXACTLY the video I needed to understand what was missing, and I was looking for it so badly! Best explanation ever!

@mujahid509 6 ай бұрын

Lucky to come across this explanation..best for SSL handshake

@infomoreandmore 10 ай бұрын

This is the best explanation so far I got around SSL handshake. Thanks a lot!

@poojarrao 11 ай бұрын

This is by far the best explanation I’ve seen on the internet. Thank you so much for sharing!! I’m sure this video has helped a lot of us here :)

@karamjeetpadam4719 Ай бұрын

Thanks much for the free video.

@KrishnaChrist Жыл бұрын

Hey someone, can you please come back & remove your 'single' DISLIKE from this video please. This insightful video doesn't deserve dislike at all.

@PracticalNetworking 11 ай бұрын

Seriously! ;p

@h.b.7190 6 ай бұрын

I want to Thank you for all the content you made to create such a wonderful playlist. It took me a while to understand whats going but it all makes sense. It’s so fascinating and it blows my mind that smart people created a secure tunnel for secure communications. Me in my 30s as a employee in a facility management company trying to make a step into information technology and let my path of life go in a new direction. Unfortunately I can not afford a full TLS course from your website but let me spend you a coffee at least. Thank you so much man. God bless you Is there name of your song you always use for intros? I would like to listen to it, while thinking about the TLS handshake step by step 😊

@PracticalNetworking 6 ай бұрын

Thanks for the kind words, and thank you for supporting the channel. I'm at the gym at the moment, and don't recall what song I used in this video. But if you reach out to me on discord, I'll tell you the song... And gift you a scholarship to the course.

@CyberTronics Жыл бұрын

Beautiful can’t wait for the TLS 1.3

@PracticalNetworking Жыл бұрын

Thank you, Hamza.

@MohammadJK197 5 ай бұрын

very detailed and easy to understand. This was awesome, thank you

@RowenaReddragon Жыл бұрын

you are hands down the best teacher! i cant thank you enough. truly grateful 🙏

@PracticalNetworking Жыл бұрын

You're very welcome! Hope to see you in the full course soon!

@emonhossain4353 Жыл бұрын

Thank you

@kienphan6436 Ай бұрын

Excellent work. Thank you.

@rahmounmedelmahdi4181 Жыл бұрын

you know the video is good when you spend 2 hours on watching 30 min good job. I wish there were free access to the rest of the content.

@PracticalNetworking Жыл бұрын

@ghinwabadawi983 4 ай бұрын

best explanation about TLS Handshake! loved it!

@scottspa74 Жыл бұрын

I'll DEFINITELY be rewatching this! Also, great way to incentivize yourself to finish up TLS 1.3 👍😁 Can't wait for that!

@PracticalNetworking Жыл бұрын

@trailerhaul8200 Жыл бұрын

Man 100K subscribers. It was way less a year ago. You are Networking great :))

@PracticalNetworking Жыл бұрын

Progress has been slow and steady, but it finally got to 100k =). Excited to see where it goes next !

@sarathreddy844 7 ай бұрын

Highly knowledgeable content!

@orilio3311 Жыл бұрын

absolutely incredible video. this is the one greatest explenation of TLS I've managed to find. thank you! I hope my cyber security course test score will show I've understood the protocol :)

@PracticalNetworking Жыл бұрын

Thank you for the kind words =) Glad you enjoyed it!

@shajigopinath Жыл бұрын

One of the best session which i watched. Thanks for the detailed and clean explanation.

@pixelmage3523 Жыл бұрын

holy fuck this blew my mind as to how easy it was to understand it

@PracticalNetworking Жыл бұрын

Anything can be easy if it's explained well. Glad you enjoyed this video =)

@muhammadumarwaseem 9 ай бұрын

You sir, are a legend! Great video, well explained.

@cslb38 Жыл бұрын

Yet again an amazing demonstration of excellence!

@PracticalNetworking Жыл бұрын

Thank you! Cheers!

@jhde9067 Жыл бұрын

OMG THANK YOU SO MUCH, I NEEDED THIS. Not sure many made it as clear and detailed as that.

@PracticalNetworking Жыл бұрын

Glad this helped =). Please feel free to share it if you know others that might also benefit from this.

@user-ds2yw2ct9n 3 ай бұрын

A very good lullaby!

@yared09 11 ай бұрын

Crisp and clear explanation ever!

@estebanechavarria5609 Жыл бұрын

I was so shocked about all the things that are being done behind the scenes when you access an https website that I'm thinking that I would be exhausted and do not want to exchange data anymore after that long handshake haha

@misha2082 Жыл бұрын

Wow. What a great video. I definitely learned something new today about SSL keys

@sushilshiwaniwal 4 ай бұрын

Very Well Explained, Thanks 😊

@PracticalNetworking 4 ай бұрын

You're welcome!

@Felitsius 7 ай бұрын

Wow that was such a good explanation! Thank you heaps, I wish my tutors had a similar skill to transfer knowledge - it is a skillset of its own!

@gedankenthesis Жыл бұрын

This explanation was absolutely amazing! Thank you so much!

@PracticalNetworking Жыл бұрын

You're welcome, Arvind !

@aniruddhsharma8342 Жыл бұрын

Must say that if we were to speak of only the Handshake then this is the best video, would request you to cover the Certificate Change of Trust, Record and Alert Protocol as well. Thank you

@PracticalNetworking Жыл бұрын

GLad you enjoyed this video, Aniruddh! The rest of those topics are covered in the full course!

@cvasilak Жыл бұрын

excellent description, thank you!

@PracticalNetworking Жыл бұрын

You're very welcome, Christos!

@alfiogiuffrida1007 10 ай бұрын

Great course! Very well explained. Thanks!

@user-sw3sw2ur3g 10 ай бұрын

Hi! I study cryptography and your videos are the best in the whole Internet! Could you please specify the exact way of combining pre-master key\master-key with random values and strings before putting them into PRF? With love from Ukraine

@duckduck9954 Жыл бұрын

One of the best explanation

@constantincoach372 3 ай бұрын

Love the content

@kevinlupien9520 Жыл бұрын

Always high quality content. Thanks!

@jyothibabugummapu1365 9 ай бұрын

Awesome...thanks alot

@bd5387 8 ай бұрын

Awesome! Thanks man. Great stuff.

@aleksandrkubar6255 Жыл бұрын

Perfect explanation, thanks!

@power8667 10 ай бұрын

Thanks!

@PracticalNetworking 9 ай бұрын

Thank you for supporting the channel =)

@mortezarezaei3006 Жыл бұрын

Thanks for the informative video.

@PracticalNetworking Жыл бұрын

YOu're welcome, Morteza!

@Sharing.learnings Жыл бұрын

Great content

@zerooneservices Жыл бұрын

Thanks for such an informative video.

@PracticalNetworking Жыл бұрын

Glad you enjoyed it =)

@encryptionforbeginners96 Жыл бұрын

Danke!

@PracticalNetworking Жыл бұрын

Thank you for supporting the channel! You're very welcome.

@kervinsingh6213 20 күн бұрын

Hi Ed, at 8:40, i have the below questions: 1. Does the server always provide the root CA in the certificate chain? 2. if the intermediate CA is not provided by the server, how does the client decrypt the digital signature? 3. if the server provides the root CA, does the client use the public key of the root CA provided from the server, or the public key from the Client's own CA cert store? (i assume it's the latter)

@chrisfahie2767 Жыл бұрын

Wow thank you so much that really helped

@PracticalNetworking Жыл бұрын

Glad you enjoyed it =)

@shawnhan8122 Ай бұрын

just would like to clarify that the process described in this video is for key exchange algorithm using RSA right? If DHE is used, the server key exchange (with the DH public paramaters) message should be sent after the certificate record and before the server hello done record.

@PracticalNetworking Ай бұрын

Yep, correct. I outline a DHE KX in this twitter thread: twitter.com/ed_pracnet/status/1618272854667309058

@matiashuartamendia7977 10 ай бұрын

so RSA only here for key exchange? no encryption other than symmetric keys? is it then that the symmetric cipher comes into play with the keys to encrypt the payloads? is the hashing of handshake determined by cipher suite selecion for example SHA1?

@PracticalNetworking 9 ай бұрын

Correct. RSA just facilitates the key exchange, and signatures. It doesn't do any real encryption of data sent being client and server. Yes, hashing is determined by Cipher Suite selection.

@chiefriver 8 ай бұрын

Any videos doing a similar walk through but with Diffiehellman key exchange? Specifically on and where in the flow the client verifies that the server does possess the long term private key that corresponds with the earlier served x509 cert? Because it doesn't need to send a premaster secret like RSA where is this same validation check performed with Diffiehellman? Ex 11:10

@PracticalNetworking 8 ай бұрын

Great question! I don't have a video answer but the pinned post on my Twitter is exactly what you asked for: a walk through of the TLS handshake using diffie hellman as a key exchange. =)

@mharis6728 8 ай бұрын

Thanks for this video. I have a question related to session keys generation. How Master Secret, Client and server random and "key expansion" are used or combined in order to generate these 4 session keys? My second question is how Master secret is actually generated? You said we combine Pre-Master secret, client and server random and "Master Secret" but what mechanism or algorithm is used to generate it?

@bernardoolisan1010 4 ай бұрын

This is amazing, but people... why can't we just trust each other!

@PracticalNetworking 4 ай бұрын

Wouldn't that be much easier ;)

@santozard Жыл бұрын

Best of best!

@babai08 Жыл бұрын

U better live 100 more years ❤️❤️

@PracticalNetworking Жыл бұрын

@alexandrkovalsky1711 Жыл бұрын

great video!

@vijaybaskar2862 14 күн бұрын

Ed... please refer the video @11.26...what if the middleman sends server his own pre-master-key encrypted using server's public key. I guess server's public key is available to everyone. In this case, how does the server ensure's that the pre-master-key (encrypted with server's public key) it receives is from the actual client and not from someone else. BTW thanks for the video Ed.

@nishantdalvi9470 11 ай бұрын

This vide is awesome 💯 just having a little doubt from where did that key expansion field come which is been used for the formation of the session keys

@vishal57971 8 ай бұрын

My question is client send lists of cipher suite to server. What mechanism is work on server side and server choice one of cipher suite that client send in hello message

@avinashs8236 5 ай бұрын

does tcp handshake (sync, syn-ack, ack ) happen before this ssl/tls handshake when a user visits a website

@PracticalNetworking 5 ай бұрын

Yes, typically. There is a version of TLS over UDP that doesn't involve TCP 3 way handshake, but generally most TLS does. I have some videos on TCP here : pracnet.net/tcp

@majiddehbi9186 Жыл бұрын

great video thx

@PracticalNetworking Жыл бұрын

You're welcome, Majid.

@Sharing.learnings Жыл бұрын

Yeah good content1

@riadali1775 Жыл бұрын

Thank you so much! your video really helped alot. can you make video related to DNS management as well?

@silentrandom Жыл бұрын

Awesome content. Session Id 8 bytes or 64 bit. Just typo I guess

@PracticalNetworking Жыл бұрын

Yes, it's a typo, good catch =). I clarify it in the TLS 1.3 handshake lesson in the course.

@olsikapoli6287 Жыл бұрын

Great course Ed! I have a question on the Cipher Suites used (trying to go through the comments if it was asked before, but can't seem to find it, therefore I apologize for asking "again"). In TLS1.3, all RSA encryption and RSA cipher suites have been removed. The video started by Client having TLS1.3, but did not mention TLS1.2 libraries as well. Is it assumed in this course that Client and Server have both 1.2 and 1.3 for this handshake to work for this course?

@atabhatti6010 Жыл бұрын

At 5:56, the slide says Session Id in the Server Hello is 8 bytes / 32 bits? Is that right? Aren't 8 bytes 64 bits?

@PracticalNetworking Жыл бұрын

Yea, that's totally a typo. Someone mentioned this in my discord as well. It should say any range in 0-32 bytes. In reality, there is one field "Session ID Length" which is always 1 byte (8 bits, values 0-255, of which only 0-32 are valid) which indicates how long the actual "Session ID" field will be.

@joetecson 3 ай бұрын

Q: If a client initiates TLS 1.0 to a server and gets denied, will it open a new stream to renegotiate the higher TLS with the server or will it use the same quintuple stream on renegotiation?

@edwinjose1885 11 ай бұрын

Could you help clarify what's been explain at 14:40? The concept of two tunnels. Up until that point you've been saying that the keys both the client and the server have are identical. But you go into how TLS creates two tunnels and they are encrypted with two different pair of keys, and that even if one of the tunnel's been comprised, the attacker can only decrypt that tunnel and not the other. How does that work? Aren't both set of keys the same?

@edwinjose1885 11 ай бұрын

I think I may have understood it. BOTH the CLIENT and SERVER generates a SEED for it's respective tunnels that BOTH perform a RSA Key exchange for. Correct me if I'm wrong.

@VSHALETC Ай бұрын

Hello Ed, When you are going to add this course on Udemy?

@tanmoymallick8244 Жыл бұрын

did you upload the video for the packet capture of tls handshake that you said here ???

@shervinhariri6821 Жыл бұрын

Awsome

@rajrajesh Жыл бұрын

Great video. For @17.00 - Can you please help clarify if the client encryption key gets generated individually at the client and the server? If so, client and server have the same set of 4 pieces of information (Master Secret, key expansion, Client Random, Server Random) that is used for the random hash function. But how is it guaranteed that the random hash function returns the same value both at the client and the server?

@PracticalNetworking Жыл бұрын

The nature of Hashing is that if the Client and Server hash the same pieces of information, they will receive the same output. That is what is happening here, and how the encryption keys calculated by both Client and Server end up being identical.

@nikbura9500 Жыл бұрын

@@PracticalNetworking To Clarify this further, does this mean that the Client keys are generated using the client random number and the server keys are using the server random number to be generated? otherwise how can you make two sets of keys individually on each host and ensure both sets are the same?