UnicMinds

SSL HTTPS TCP Handshake in Wireshark

SSL Certificate & HTTPS

An SSL certificate is a file installed on the server of the website. It is simply a data file containing the public key that is used to encrypt the data being sent to that machine. SSL certificates are issued by certificate authorities, and therefore, browsers consider them trustworthy.

Public Key encryption

We learnt about the TCP 3 Way Handshake earlier, and very similar to that SSL also has a handshake mechanism. In this SSL Handshake, the client will first say a “Client Hello” and send its own public key and cipher suites and in response to that the Server will say a “Server Hello” and it sends the public key of the server in that message. The exchange of the keys will ensure that the communications will be encrypted with public keys.

Cipher Suites are a set of encryption algorithms that are an essential part of a TLS/SSL handshake and where both parties agree to use those ciphers to protect data transmissions.

SSL handshake
TCP Handshake and SSL Handshake - UnicMinds

Similarly, when the connection closure is requested, there is a Finish message sent and is acknowledged just as like in the TCP/IP Disconnection handshake.

You can also access the public key of a website by following the below steps.

Step 1: Type a https website name (say google.com or unicminds.com)

Step 2: Click on the lock icon on the left of the URL

SSL and HTTPS

Step 3: Click on “Connection is secure”

Step 4: Click on “Certificate is valid”

SSL Implementation

Step 5: 

And, you will see the public keys. You can look at the details of the certificate and who issued it. You can look for the section “Subject’s Public Key Information” and you can see the public keys and cipher suites.

Public Key SSL Cipher Suites

Hope this is useful, thank you.

You may like to read: TCP vs UDP in Wireshark, Network Basics – Ping & Traceroute, & The Meaning of STEM Education

BOOK A FREE TRIAL