Up next in 10
Inside the SSL Handshake How Your Browser.... #chatgpt #cybersecurity #privacyfirst
0 views
Jul 2, 2025
Inside the SSL Handshake How Your Browser.... #chatgpt #cybersecurity #privacyfirst
View Video Transcript
0:00
when you visit a website that uses SSL
0:02
your browser and the website server
0:04
engage in what's called a handshake to
0:06
establish a secure connection between
0:07
the two The security handshake is a
0:09
complex process that involves several
0:11
steps and that will vary depending on
0:12
what type of server and client device
0:14
you are using But the main thing that we
0:16
need to know is that SSL works to ensure
0:18
the communication between the browser
0:20
and the server is encrypted and secure
0:22
Here's a bird's eye view of what happens
0:23
in that handshake The security handshake
0:25
begins when the user's browser sends out
0:27
a client's hello message to the server
0:29
This message includes information about
0:31
the browser the operating system and the
0:33
encryption algorithm that the client can
0:35
support The server then receives that
0:36
client hello message and based on the
0:38
client's info will choose which type of
0:40
encryption they will use going forward
0:42
By default the server will choose the
0:44
most powerful encryption that the
0:46
browser the user device and the server
0:48
can support This is why you shouldn't
0:50
use sketchy or discontinued web browsers
0:52
I'm looking at you hardcore Internet
0:54
Explorer fans It's time to move on Once
0:56
that's done and your tears have all
0:58
dried up the server responds to the
1:00
client hello message with a server hello
1:02
message This message includes
1:03
information about the server and the
1:05
selected encryption algorithm that will
1:07
be used The server also sends its
1:09
digital SSL certificate which contains
1:11
its domain name certificate authority
1:13
and the public key that will be used for
1:15
encryption The client's browser then
1:16
checks the server's digital SSL
1:18
certificate to ensure that it is valid
1:20
and issued by a trustworthy certificate
1:22
authority One who signed or vouches for
1:24
that particular SSL certificate Side
1:26
note for all my site owners you will
1:28
need an SSL certificate and two because
1:30
of how fast bad actors can work their
1:32
magic Your SSL certificate will expire
1:34
and needs to be changed after a short
1:36
period of time typically every 90 days
1:38
Any modern browser will pretty much go
1:40
out of its way to stop users from
1:41
connecting to a site that has an expired
1:43
SSL certificate So consider yourself
1:46
warned and make sure that your SSL is up
1:48
to date Now back to the handshake If the
1:50
browser finds that the certificate is
1:52
valid the browser generates a random
1:54
session key and encrypts it with the
1:56
server's public key for the certificate
1:58
That encrypted session key is then sent
2:00
back to the server and the server
2:02
decrypts the session key using its own
2:04
private key and verifies that the
2:06
session key matches the one that was
2:07
generated by the browser before If the
2:09
session key is valid the server then
2:11
generates a finished message and sends
2:13
it off to the user The browser then
2:15
sends a finished message of its own back
2:17
to the server which includes a message
2:19
digest of all the previous messages
2:21
exchanged during the handshake If both
2:23
the server and browser have successfully
2:25
verified each other's messages a secure
2:27
connection is established and all
2:29
subsequent communications between the
2:30
browser and server will be encrypted
2:32
using that session key That's a brief
2:34
summary of how SSL handshakes
#Computer Security
#Network Security