Data Flow – HTTPS Traffic and Cipher Suites

Here’s a step-by-step breakdown of the data flow:

  1. DNS Resolution:

The user enters “https://cordero.me” into their browser’s address bar. The computer doesn’t know the IP address of the domain, so it sends a DNS query to the DNS server its configured to use. The DNS server responds back with the IP address corresponding to the domain “cordero.me.”

  1. TCP Connection:

With the IP address now known, the user’s computer initiates a TCP connection with the server at that IP address. This is the standard three-way handshake: SYN, SYN-ACK, ACK.

  1. SSL/TLS Handshake:

Once the TCP connection has been established, the client initiates the SSL/TLS handshake by sending a “ClientHello” message to the server. This message includes the SSL/TLS version, a list of supported cipher suites, and a randomly generated value (Client Random).

  1. Server Response:

The server then responds with a “ServerHello” message which includes the SSL/TLS version that will be used for the connection, the cipher suite chosen from the client’s list that it also supports, a server-generated random value (Server Random), and the server’s digital certificate (which contains the server’s public key).

  1. Certificate Verification:

The client verifies the server’s digital certificate against a list of trusted Certificate Authorities (CAs) it has stored locally. This ensures the server is who it claims to be.

  1. Key Exchange:

The client uses the server’s public key (from the certificate) to encrypt a new random value (the Premaster Secret) and sends it to the server in a “ClientKeyExchange” message. Both the client and the server now have the Client Random, Server Random, and Premaster Secret, which they use to independently calculate the session key(s) for encryption and decryption.

  1. Client Finished:

The client then sends a “ChangeCipherSpec” message, which indicates it will encrypt all further communication using the agreed-upon cipher suite and the generated keys. It then sends a “Finished” message (encrypted with the new keys) to verify that key generation and the handshake process was successful.

  1. Server Finished:

The server receives and decrypts the “Finished” message, verifies it’s correct, then sends its own “ChangeCipherSpec” and “Finished” messages (also encrypted with the new keys).

  1. Encrypted Data Transfer:

The handshake is now complete, and the client and server can securely exchange data over HTTPS. All data sent back and forth is encrypted using the agreed cipher suite and the generated keys.

  1. Closing Connection:

When the user is finished with the website, their browser sends a notification to close the connection. The server will acknowledge this and then the connection is closed. If the user visits the website again, the whole process repeats unless session resumption or persistent connections are used.

Please note that the above steps are a general case. Real-world scenarios may include additional steps like session tickets/resumption, client authentication, and various extensions in the TLS protocol.