TLS 1.2

• TLS encrpyt all your application data in packet. Here is a whole process of how server/client exhange their keys and how they encrypt packets.

Before TLS, Server create CSR

CSR contains Country Name, State or Province Name, Locality Name, Organization, Organization Unit, Common Name

And next, Server send CSR to CA(Certificate Authority)

1. A -> Certificate Authority(Google, Amazon, etc.) CSR(Certificate Signing Request) : A’s pub_key + identity + sign(A’s priv_key,(A’s pub_key, identity))
2. Certificate Authority -> A check A’s sign and sign with Certificate Authority’s priv_key
3. A’s Certificate : CSR + sign(Certificate Authority’s priv_key, content1)
4. A -> B with A’s Certificate
5. B verify A’s Certificate with Certificate Authority’s pub_key

Here, Man in the Middle can not replace A’s pub_key with their pub_key.
Now Server has certificate! And from now, they can open port HTTPS(443).
To exchange server/client encryption key, TLS do handshakes. It is little bit different by its version. First TLS 1.2 version do their handshake as below.

Initial Handshake(2-RTT)

1. Client Hello
   • Client send Client Hello to Server
   • Client Hello : [Version, Nonce, Session ID, Cipher Suites, Compression Methods, etc.]
2. Server Hello
   • Server send Server Hello to Client
   • Server Hello : [Version, Nonce, Session ID, Cipher Suites, Compression Methods, etc.]
3. Certificate
   • Server also send certificate to Client
   • If Server need Client’s certificate, they reqeust.
   • Client verify Server’s certificate with CA’s pubkey and etc.
4. Server Key Exchange
   • Server make ECDHE key pairs and send public key to Client with message type Server Key Exchange
   • This key will be used to make ECDHE shared secret(symetric key).
5. Certificate Request(optional)
   • Server send Certificate Request to Client(if Server wants it)
6. Server Hello Done
   • Server inform Client that my handshake process is done!
7. Certificate(optional)
   • Client send certificate to Server
   • Server verify Client’s certificate
8. Client Key Exchange
   • Cient make ECDHE key pairs and send public key to Server with message type Client Key Exchange

     Encryption Keys Calculation

     • Server caculate PreMasterSecret(ECDHE shared secret) using Client’s public key.
     • Client caculate PreMasterSecret(ECDHE shared secret) using Server’s public key.
     • Server/Client caculate MasterSecret with PreMasterSecret, Nonce using HMAC.
     • MasterSecret has
       • Server/Client’s MAC key
       • Server/Client’s symetric key
       • Server/Client IV(Initial Vector) for CBC.

9. Certificate Verify
   • Client hash all handshake messages and sign, send to Server.
   • Server verify sign and compare hash that is same as mine.
10. Change Cipher Spec
    • Client inform Server that from now, i will send all messages with encrpyted data.
11. Finished(Encrypted Handshake Message)
    • Client hash all handshake messages and encrypt with shared-key, send to Server.
12. Change Cipher Spec
    • Server inform Client that from now, i will send all messages with encrpyted data.
13. Finished(Encrypted Handshake Message)
    • Server hash all handshake messages and encrypt with shared-key, send to Client.

TLS 1.3

1. Add 0-RTT, 1-RTT for handshake.
2. Remove key exchange methods that dont support forward secrecy.

Initial Handshake(1-RTT)

1. Client Hello
   • Same with TLS 1.2, but Client make ECDHE key pairs and send public key to Server with message type Client Hello
2. Server Hello
   • ServerHello + Server Key Exchange + Certificate Request + Certificate + Finished = encrypt(TLS1.3 Server Hello)”
3. Finished(Certificate + CertificateVerify + Finished=encrypt(TLS1.3 ClientHello)+ “Application Data” )
   • Certificate + CertificateVerify + Finished = encrypt(TLS1.3 ClientHello)
   • Here, Client can send add Application data(which is supported from TLS 1.3 1-RTT)

TCP+HTTPS+DNS RTT Comparison(TLS 1.2 vs TLS 1.3)

To summary, Here is table for comparing RTT with TLS 1.2 and TLS 1.3.