Back to all posts

TLS & Certificates (Part 2): The Secret Handshake & Mutual Trust

techsecuritynetworkingtlsmtls

In Part 1, we covered the who of web security. We figured out that your browser trusts websites because they have an ID card signed by a 'passport office' (CA) that your browser already trusts.

Now for the how. How does your browser actually check that ID and start a secure conversation? This process is called the TLS Handshake.

The Handshake: A Secret Agent Meeting 🕵️

Think of the handshake like two secret agents meeting for the first time. Their meeting has two critical goals:

  1. Prove their identities to each other using official, trusted documents.
  2. Agree on a secret code (a cipher) that they will use for the rest of their conversation, ensuring no one else can listen in.

The TLS Handshake does exactly this: it verifies identity and then establishes a secure channel. Here’s a breakdown of the steps:

  1. Client Hello: Your browser kicks things off, saying to the server, "Hi, I need to talk securely. Here are the encryption methods (cipher suites) I know."

  2. Server Hello & Certificate: The server replies, "Hello back. From your list, let's use this specific method. And to prove who I am, here's my ID card – my Server Certificate."

  3. Client Verifies Certificate: This is the critical step that connects to Part 1. Your browser meticulously checks the server's ID:

    • Is it expired? An out-of-date certificate is invalid.
    • Does the name match? Does the certificate for samlearns.dev actually say it belongs to samlearns.dev?
    • Do I trust the issuer? The browser checks the signature on the certificate, following the chain of trust all the way back to a Root CA it has pre-installed. If the chain is valid, the server is legitimate.

  4. Key Exchange (The Secret Passphrase): Now that the browser trusts the server, it needs to securely share a secret. It generates a secret piece of data (the premaster secret), encrypts it using the server's public key (from its certificate), and sends it over. This is asymmetric encryption—anyone can lock the box with the public key, but only the server can unlock it with its private key.

  5. Secure Session Begins (Using the Secret Code): Both the client and server now use their shared secret to generate an identical set of new keys called session keys. This is where the communication switches to symmetric encryption, which is much faster.

    This set includes a client write key and a server write key. The browser encrypts the data it sends with the client write key, and the server uses its identical copy of that same key to decrypt it. When the server replies, it encrypts with the server write key, and the browser uses its copy to decrypt.

    With this secure, two-way channel established, the handshake is done. The padlock đź”’ appears.

For the Curious: But Why Two Separate Keys?

You might be wondering why they go to the trouble of creating separate client write and server write keys. Why not use one session key for both directions? This is a critical detail that prevents a clever type of attack called a reflection attack.

To understand this, let's imagine a flawed system where both client and server did use the exact same key for sending and receiving. An attacker sitting in the middle could do this:

  1. Your client sends an encrypted message: "Here is my request."
  2. The attacker intercepts it. They can't read it, but they can immediately "reflect" it—send that exact same encrypted blob right back to your client, pretending it's from the server.
  3. Your client now receives the message it just sent. In this flawed single-key system, the client is expecting messages from the server to be encrypted with that one shared key. Since the reflected message is encrypted with that key, the client is tricked into accepting it as a legitimate response. This could cause it to get confused, repeat an action, or crash. The goal of the imposter isn't to steal the data, but to fool the client by making it talk to itself.

This is why two separate "inks" are brilliant. The client agent only writes messages using Formula A ink (the client write key), and only accepts messages written in Formula B ink (the server write key).

When an attacker captures a Formula A message and reflects it back, the client simply ignores it. It's looking for a message under the "Formula B" light, and the reflected one doesn't show up. The attack is completely neutralized.

Flipping the Script: When the Server Checks Your ID (mTLS)

So far, only your browser has been verifying the server. But what if the server needs to be certain of who you are? This isn't for your average website, but it's essential for secure system-to-system communication.

This is called Mutual TLS (mTLS).

Why do you need it? Think about communication between microservices. The Orders service needs to be 100% sure that a request is coming from the genuine Payments service, not from a rogue script on the network.

How does it work? It's the same handshake, with one extra step. After the server shows its certificate, it says, "Great, I've shown you my ID. Now show me yours."

The client then presents its own Client Certificate. The server validates it in the exact same way the browser did—by checking it against a list of CAs it trusts. If both sides are verified, the connection proceeds. It’s a two-way ID check, establishing trust in both directions.

From Padlock to Production

That's the whole process. The padlock isn't magic. It's a logical, step-by-step procedure of verification and key sharing.

  • TLS is the standard one-way handshake where we verify the server. You use it every day.
  • mTLS is the two-way handshake where both client and server verify each other. You'll build with it.

You now have the full picture, from the foundational chain of trust to the handshake that puts it into action.

Did you find this helpful? Consider supporting my work!

Buy me a coffee