Transcript from the "TLS Handshake" Lesson
>> Mike North: All right, so let's talk about the TLS handshake in a different way. I like chat bubbles. So the client says, I'd like to communicate securely with you, server. And I understand the following ciphers, they're called orange, whiskey, and cherry. So the server says, well, amongst those options, I support whiskey and it is the most secure of the ones that we share.
[00:00:21] So we'll use that in the future, when we start communicating securely with that session key. By the way, here's my certificate, it is signed by someone you trust. So check me out, and if all looks good you may continue communicating with me. And server delivers it's public key, which enables the client to send it some secrets.
[00:00:44] The client says, yes your certificate checks out the way it does this. It will compare that certificate to some trusted roots that come with your operating system or browser. And these are the things like a Comodo root certificate, right, Apple has a root certificate. These are basically, people who we trust to validate and vet owners of certificates they authorize.
[00:01:13] So if you say, I trust a Comoda root certificate, you trust anything that it signs.
>> Mike North: And that allows them to distribute things, that other users will trust. So if you check, if you like the certificate, then you can proceed to the next step. So a night is for the client to generate the big random number.
[00:01:34] The session key encrypted with the public key, so the server is the only one that can read it. It never leaves the client except when encrypted by that public key. And at this point, it basically announces that it is done with plain communication, unencrypted communication. From this point on, it's gonna use the whiskey algorithm with the symmetric key of whatever that big number was.
[00:02:01] Server agrees, and then it begins encrypted communication at which point we have completed the TLS handshake. So the takeaway here, is the public and private keys you generate that's just for the key exchange. All of the other stuff is done by symmetric encryption, because it's must faster it can encrypt content of an arbitrary length.
>> Mike North: And it's better to just use those disposable keys back and forth, right?