August 06, 2009

What Happens When an HTTPS Connection is Created?

Did you ever wonder exactly what happens when you click on "Proceed to Checkout" at Amazon and the little padlock icon appears in the browser's address bar or status bar to indicate a secure SSL/TLS connection has been setup?

This article by Jeff Moser provides a detailed analysis of the first milliseconds when an HTTPS connection with Amazon is established. It shows the steps involved in the client and server identify themselves to each other, checking credentials (X509 certificates), exchanging session keys and bootstrapping the encrypted channel, and finally deliverying the HTML page over that new secure connection.

You may never need to know this level of detail about the underlying communications technology that you probably use everyday without thinking about it much, but if you have any interest in security or communications protocols, then it is fascinating to take a peek under the hood and see what is really going on.

Thanks goodness that modern browsers handle all this crypto complexity for us!

Entry categories: Interoperability Security Standards
Posted by Jorgen Thelin at August 6, 2009 07:46 AM - [PermaLink]