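In a TLS/SSL handshake, the client and server exchange SSL certificates and randomly generate data to create session keys.
After reading this article you will be able to: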
TLS is an encryption and authentication protocol designed to secure Internet communications. A TLS handshake is the process that kicks off a communication session that uses TLS. During a TLS handshake, the two communicating sides exchange messages to acknowledge each other, verify each other, establish the cryptographic algorithms they will use, and agree on session keys. TLS handshakes are a foundational part of how HTTPS works.
SSL, or Secure Sockets Layer, was the original security protocol developed for HTTP. SSL was replaced by TLS, or Transport Layer Security, some time ago. SSL handshakes are now called TLS handshakes, although the "SSL" name is still in wide use.
A TLS handshake takes place whenever a user navigates to a website over HTTPS and the browser first begins to query the website's origin server. A TLS handshake also happens whenever any other communications use HTTPS, including API calls and DNS over HTTPS queries.
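A TLS handshake takes place after a TCP connection has been opened via a TCP handshake.
During a TLS handshake, the client and server will do the following:
A TLS handshake is a series of datagrams, or messages, exchanged by a client and a server. A TLS handshake involves multiple steps, as the client and server exchange the information necessary for completing the handshake and making further conversation possible.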
The exact steps within a TLS handshake will vary depending upon the kind of key exchange algorithm used and the cipher suites supported by both sides. The RSA key exchange algorithm, while now considered not secure, was used in versions of TLS before 1.3. It goes roughly as follows:
All TLS handshakes make use of asymmetric cryptography (the public and private key), but not all will use the private key in the process of generating session keys. For instance, an ephemeral Diffie-Hellman handshake proceeds as follows:
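*DH parameter: DH stands for Diffie-Hellman. The Diffie-Hellman algorithm uses exponential calculations to arrive at the same premaster secret. The server and client each provide a parameter for the calculation, and when combined they result in a different calculation on each side, with results that are equal.
To read more about the difference between ephemeral Diffie-Hellman handshakes and other kinds of handshakes, and how they achieve forward secrecy, see What is Keyless SSL?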
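The ephemeral Diffie-Hellman computation described above, as an added example that is not part of the original article: each side generates a fresh DH parameter for the handshake, checks the peer's value, and arrives at the same premaster secret. The group (`P`, `G`), the function names and the HMAC-based key derivation are assumptions made for illustration; real TLS uses standardized groups and its own key derivation function.

```python
import hashlib
import hmac
import secrets

# Constructed toy group: P = 2**127 - 1 (a Mersenne prime) is far too small for
# real use; TLS uses standardized groups of 2048+ bits or elliptic curves.
P = 2**127 - 1
G = 3


def make_dh_param():
    """Return (private exponent, public DH parameter) for one handshake."""
    while True:
        private = secrets.randbelow(P - 3) + 2        # 2 .. P-2
        public = pow(G, private, P)
        if 2 <= public <= P - 2:                      # never send a degenerate value
            return private, public


def premaster_secret(own_private, peer_public):
    """Combine our private exponent with the peer's DH parameter."""
    # Reject 0, 1 and P-1: they would force a predictable shared secret.
    if not 2 <= peer_public <= P - 2:
        raise ValueError("peer DH parameter out of range")
    return pow(peer_public, own_private, P)


def session_key(premaster, client_random, server_random):
    """Simplified stand-in for the TLS key derivation (not the real TLS PRF)."""
    secret = premaster.to_bytes(16, "big")
    return hmac.new(secret, client_random + server_random, hashlib.sha256).digest()


def handshake():
    """Run one ephemeral exchange; return the key each side derived."""
    client_random, server_random = secrets.token_bytes(32), secrets.token_bytes(32)
    c_priv, c_pub = make_dh_param()                   # client's DH parameter
    s_priv, s_pub = make_dh_param()                   # server's DH parameter
    client_pm = premaster_secret(c_priv, s_pub)       # (g^s)^c mod p
    server_pm = premaster_secret(s_priv, c_pub)       # (g^c)^s mod p
    return (session_key(client_pm, client_random, server_random),
            session_key(server_pm, client_random, server_random))


if __name__ == "__main__":
    client_key, server_key = handshake()
    print("keys match:", client_key == server_key)
    print("next handshake differs:", handshake()[0] != client_key)
```

Only the public DH parameters and the two random values cross the wire; the private exponents are discarded after each handshake.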
TLS 1.3 does not support the RSA key exchange, nor other cipher suites and parameters that are vulnerable to attack. It also shortens the TLS handshake, making a TLS 1.3 handshake both faster and more secure.
The basic steps of a TLS 1.3 handshake are:
TLS 1.3 also supports an even faster version of the TLS handshake that does not require any round trips, or back-and-forth communication between client and server, at all. If the client and the server have connected to each other before (as in, if the user has visited the website before), they can each derive another shared secret from the first session, called the "resumption main secret." The server also sends the client something called a session ticket during this first session. The client can use this shared secret to send encrypted data to the server on its first message of the next session, along with that session ticket. And TLS resumes between client and server.
A cipher suite is a set of algorithms for use in establishing a secure communications connection. There are a number of cipher suites in wide use, and an essential part of the TLS handshake is agreeing upon which cipher suite will be used for that handshake.
To learn more about TLS/SSL, see How does SSL work? To check whether a website is using TLS correctly, visit the Cloudflare Diagnostic Center.