tcp and tls handshake

TCP and TLS Handshake

TCP Handshake

TCP HANDSHAKE also known as TCP 3-way handshake is a process to initialize a connection between two hosts. It is a three-step process that requires both the client and server to exchange synchronization and acknowledgment packets before the real data transfer starts. Lets look at some jargon:

Sequence Number: Each byte of data is assigned a sequence number. This field in TCP packet will have sequence number of first byte of data present in this particular packet. For example if packet sent by host-A has seq num field 8900 and has 100 bytes data then next packet sent by host-A will have seq num 8900 + 100 + 1=9001

Ack Number: This indicates the next seq number sending party is expecting to receive. For example if host-B sends a TCP packet to Host-A with Ack number 9001, the receiving host-A will know that host-B has received data upto 9000 bytes and next packet from host-A to host-B should have seq number 9001.

Window: It is max allowed number of octets that the sender is willing to accept before an acknowledgement.

Window Size Scaling Factor (WS): The window scaling option is sent by each host, only during the 3-way TCP handshake in its SYN packet. Window Scaling only works if both sides include it as an option during the initial 3-way handshake (even if their multipliers are different). I guess that's why wireshark doesn't display multiplied window size in SYN packets.

Maximum Segment Size (MSS): MSS specifies the largest amount of data that a TCP speaker can receive in a single TCP segment. Each direction of TCP traffic uses its own MSS value, as this is a receiver-specified value.

SACK_PERM: This is TCP Selective Acknowledgment Option (RFC2018). It says that the two machines can use "selective acknowledgment", meaning that, instead of just saying "I got all bytes up to this sequence number", they can say "I got all the bytes in this range and all the bytes in this other range", with the implication being that bytes in ranges not listed were not received, so that they can say that they got bytes before and after some ranges, but not the bytes in the middle of the range.

3 Steps of TCP Handshake :

Step 1: Host-A initiates the connection by sending the TCP SYN packet to the destination Host-B. The packet contains the random sequence number (e.g. 2144665063) which marks the beginning of the sequence numbers for data that the Host A will transmit.

Step 2: The Server (Host-B) receives the packet and responds with its own sequence number. The response also includes the acknowledgment number, which is Host A’s sequence number incremented by 1 (in our case, that would be 2144665064).

Step 3: In this final step, Host A acknowledges the response of the Host B by sending the acknowledgment number, which is the Server’s sequence number incremented by 1. This establishes the connection and actual data transfer begins.

TLS Handshake

In TLS handshake, the two communicating sides exchange messages to acknowledge each other, verify each other, establish the encryption algorithms they will use, and agree on session keys.

During TLS handshake, the client and server together will do the following:

Specify version of TLS (TLS 1.0, 1.2, 1.3, etc.) they will use
Decide on cipher suites they will use
Authenticate the identity of the server via the server’s public key and the SSL certificate authority’s digital signature
Generate session keys in order to use symmetric encryption after the handshake is complete

The exact steps within a TLS handshake vary depending upon the kind of key exchange algorithm used and the cipher suites supported by both sides.

Resumed TLS sessions:

A resumed TLS session implements session identifier (session ID) to re-establish a previously negotiated session. When an TLS handshake is resumed, the client presents the session ID from the previously negotiated session. If the server finds the session ID in its cache and accepts the resumed session, it sends back the same session ID and the parties skip the public key operation. If the server does not accept the resumed session, it issues a new session ID and implements the full TLS handshake.

TCP connection Termination

After the data transmission process is finished, TCP will terminate the connection between two endpoints. This four-step process is detailed below:

Step 1: The client application that wants to close the connection sends a TCP segment with the FIN (Finished) flag set to 1.
Step 2: The server receives the TCP segment and acknowledges it with the ACK segment.
Step 3: Server sends its own TCP segment with the FIN flag set to 1 to the client in order to terminate the connection.
Step 4: The client acknowledges the server’s FIN segment and closes the connection.

Note: Step 2 and Step 3 may be merged in a packet when server has no data to send to client. So making it as a 3 way termination.

Openplatform.xyz Follow @openplatformxyz

Placeholder for our stuff related to Telecom, IT, Internet of things (IOT), ESP8266, Raspberry Pi