Finally found what I was looking for ... thanks, brother .... understood it easily.
Exactly. Reading a few moments before exams
His way of explaining the concept is damn!!!
Exam in a few hours. You won my heart. Hugeeee respect!
SSL has two methods of handshake; this one is two-way. You explain it perfectly.
Your videos are really very good, brother... I have watched two videos and understood both of them completely... if I pass tomorrow, it will be only because of you
You are the best, man. I have my exams after 5 hours. Huge respect.
A big fan of yours. Easy explanation. Best content. Simply amazing. Thank you, sir.
Thank you sir. Please add RSA and Elgamal Digital signature scheme, it would help us a lot.
Very informative and very easy explanation. Your teaching skill is amazing. Thank you so much, sir.
Superb. I have watched a lot of videos on this topic, but today I fully understood it. Thanks
Explain the concept and reasoning, why we need Session and Connections, two different things in SSL (what purpose(s) solved by session and what purpose(s) addressed by connection)
Session is like a memory or you can say a cache so if you have a valid session id or cookie you can resume the communication between the client and server.
Connection is as at layer 4 with TCP. Session is at SSL/application level.
Thank you very much, sir. I wasn't able to learn it... Now all concepts are clear... 🙏
Your videos really are amazing... sir
Really great, man. Loved it, you explained it so well. Splendid, fantastic, long live... Please make videos on Check Point, man.
thanks bro..very easy to understand..
👌👌👌 very informative lecture in easy way... thanks bro
Exceptional SSL Handshake!
You teach so easily, love you from the heart
thank you sir , you are great
Sir, a lot is missing: the pre-master secret key is generated by the client and, using the public key of the server, it sends the data... please make the video again
Thank you sir i was so stressed.
Nice and clear . Thank you for this knowledge sharing
Superb keep going it was clear explanation. Very good
Thank you Sir!!😊😊
Ty sir for making learning soo easy
Like your way of explanation ...Thanks
Thank u sir for your amazing teaching methods👍🏻
Really nice explanation....Thanks Bhai
u r the BEST
It would have been more useful if it were shown in real time... however, nice explanation.
Brother, you are very good
Number one video
Thank you sir
The server needs to authenticate itself by providing the SSL certificate to the client, but is any certificate installed on the client side? When we're hitting any https website, generally the server sends the certificate to the client, it shows the certificate was issued to xyz org by abc authority. However I read somewhere the mutual exchange also can be done, in that case how does the client generate the SSL certificate for itself? Is this what is called self-signed?
Fantastic!!!
Sir please upload cloud computing lectures
Very good
Please sir upload 6 unit video of ics
Thank you. Please add pretty good privacy(PGP) video.
If only I had attended the lectures at college 😂😂
Great Video..!! But one question in phase 1 does client send the session ID? but how can client send the session ID?
Why don't you just get the pcap file and check, you people become silly
Fantastic
Thanks 😊 sir.......
Nice explanation. Thanks Sir. One small query, under phase 3 it is mentioned as client certificate who/what it is referring to? I mean who generate client certificate, does all system (client) have its own default certificate or we have to create and install on client. Thanks in advance
USING X.509
It is optional (server to ask for client certificate and client to send it) and it is only used in 2 way SSL. This is generally used in corporate website on managed client devices like laptop, Android phone, IPAD etc, where company's PKI issues certificates to clients and then they use it to connect to some SSL application which is available only for those users with client certificates.
In general internet browsing, like google, yahoo, Facebook etc. client certificate is not used.
@RajivKumar-ee7xv Thanks 🙏🙏👍😊🇮🇳
client cert is not necessary
I am unable to get session_id in the first step. Because after a successful authentication server actually provides session-id to the client. please explain
thanks for saving me
Where is Symmetric and asymmetric key.. CA validation
hello sir, my question is when the client sends data to the server for the first time how can the client encrypt that data because the client can't send plaintext to the server and in the first time client doesn't have the server's public key to encrypt that data from plaintext to ciphertext, so how can client encrypt data in first transmission ???
Here we use the Diffie-Hellman key exchange method. Please read it🙂
Clear picture of SSL Hand shake
brother ur mixing cipher suite and compression method
In Phase 3 how client send certificate ? Client Doesn't have certificate of its own
Can you also make a video on PGP?
Sir, please explain Diffie-Hellman with an example..... please, I have an exam
The SSL Handshake Protocol is a crucial part of establishing a secure connection between a client and a server using the SSL/TLS cryptographic protocols. It ensures that both parties can securely exchange encryption keys, verify each other's identity through digital certificates, and establish a secure communication channel. Let's delve into the details of the SSL Handshake Protocol:
SSL Handshake Protocol Process:
Client Hello: The SSL Handshake begins with the client (such as a web browser) sending a "Client Hello" message to the server. This message includes the client's supported SSL/TLS versions, a random number (Client Random), and a list of supported cryptographic algorithms.
Server Hello: Upon receiving the "Client Hello," the server responds with a "Server Hello" message. In this message, the server selects the highest supported SSL/TLS version and cryptographic algorithm from the client's list. It also generates its random number (Server Random) and sends its digital certificate, which includes the server's public key.
Certificate Validation: The client verifies the server's digital certificate to ensure the authenticity of the server's identity. It checks if the certificate is valid, has not expired, and is issued by a trusted Certificate Authority (CA).
Key Exchange: After the certificate validation, the client generates a pre-master secret and encrypts it with the server's public key from the digital certificate. This encrypted pre-master secret is sent back to the server.
Key Derivation: Both the client and the server now use their random numbers (Client Random and Server Random) and the pre-master secret to independently derive the master secret, which will be used to generate session keys for encryption and decryption.
Session Keys: The client and server generate the session keys based on the master secret and the negotiated cryptographic algorithm. These session keys are used to encrypt and decrypt data during the secure communication.
Finished Messages: The client and server exchange "Finished" messages to confirm that the handshake is complete and that both parties have established a secure connection.
Information and Cyber Security Implications:
The SSL Handshake Protocol is critical for ensuring the confidentiality, integrity, and authenticity of data transmitted over the internet. By using digital certificates and encryption, the SSL Handshake protects against eavesdropping, man-in-the-middle attacks, and data tampering.
Confidentiality: The handshake process establishes a secure encrypted channel between the client and server, ensuring that data transmitted between them is protected from unauthorized access.
Integrity: The handshake includes the exchange of cryptographic hashes that allow both parties to verify the integrity of the data. This prevents data from being altered or tampered with during transmission.
Authentication: The server's digital certificate provides authentication, ensuring that the client is connecting to the correct server and not an impostor.
Key Exchange Security: The SSL Handshake ensures that the encryption keys used for secure communication are exchanged securely and cannot be intercepted by attackers.
Perfect Forward Secrecy (PFS): Many modern SSL/TLS configurations support PFS, which ensures that even if the long-term private key is compromised in the future, past communications remain secure.
In conclusion, the SSL Handshake Protocol is a fundamental process in establishing secure connections over the internet. It plays a crucial role in ensuring the confidentiality, integrity, and authenticity of data transmitted between clients and servers. Understanding the SSL Handshake and its implications is essential for information and cyber security professionals to implement robust security measures and protect sensitive data from potential threats and attacks.
Not exactly correct. Kindly read the exact protocol
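Added example, not part of the comment thread or the video: the "Key Derivation" and "Session Keys" steps from the long comment above, which also shows the session versus connection distinction asked about earlier. It assumes the TLS 1.2 PRF (RFC 5246, HMAC-SHA256) and key sizes for AES-128-CBC with HMAC-SHA256; the function names and all sample byte values are constructed for illustration.

```python
import hashlib
import hmac

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246, section 5): P_SHA256(secret, label + seed)."""
    seed = label + seed
    out, a = b"", seed                      # a starts as A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def derive_master_secret(pre_master: bytes, client_random: bytes,
                         server_random: bytes) -> bytes:
    """Session-level secret: computed once per full handshake, 48 bytes."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)

def derive_connection_keys(master: bytes, client_random: bytes,
                           server_random: bytes) -> dict:
    """Connection-level keys, sized for AES-128-CBC with HMAC-SHA256."""
    block = prf(master, b"key expansion", server_random + client_random, 96)
    sizes = [("client_mac", 32), ("server_mac", 32),
             ("client_key", 16), ("server_key", 16)]
    keys, pos = {}, 0
    for name, size in sizes:
        keys[name] = block[pos:pos + size]
        pos += size
    return keys

def demo() -> dict:
    # Constructed sample values; a real handshake uses fresh random bytes.
    pre_master = b"\x03\x03" + bytes(range(46))     # version + 46 bytes
    c1, s1 = b"\x11" * 32, b"\x22" * 32             # randoms, first connection
    c2, s2 = b"\x33" * 32, b"\x44" * 32             # randoms, resumed connection
    # Full handshake: each side derives the master secret on its own.
    client_master = derive_master_secret(pre_master, c1, s1)
    server_master = derive_master_secret(pre_master, c1, s1)
    # Resumption: the cached master secret is reused, only the randoms change.
    return {"client_master": client_master, "server_master": server_master,
            "first": derive_connection_keys(client_master, c1, s1),
            "resumed": derive_connection_keys(client_master, c2, s2)}

if __name__ == "__main__":
    r = demo()
    print("master secrets match:", r["client_master"] == r["server_master"])
    print("resumed connection has new keys:", r["first"] != r["resumed"])
```

The master secret belongs to the session and is what a session ID lets both sides look up again; the MAC and encryption keys belong to one connection and change with every new pair of randoms.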
Thank you sir, tomorrow is our security exam ...
Same here bro, from CSJM University
@haridasgupta1814 bro ..heheh ..I'm a girl ...ohk ..all the best
I also have an exam tomorrow ... Hail SPPU
Plz show practical in php
What does change cipher spec mean??
Sir, you look good without a beard, young 😢
Damn ur too good !
Please explain the TLS handshake
❤
Explain it properly, brother... why are you rushing so much in 5 min! Symmetric and asymmetric cryptography, then symmetric key created and sent by client to server for further actual data communication.
Sir u look like Rohit Sharma
khushi likes this.
Where does the client get its certificate from???
Client gets its certificate by its CA or domain PKI
Cipher spec: I didn't understand phase 3 and 4
Not understood
don't spread wrong information. please check it nd be sure. u r not right. please correct ur self.
OK sir
Superficial video, there is no packet level information
Didn't enjoy it, sir, in 5 min
sir may i go to toilet.
Complete nonsense! No info on how the server cert is validated, how the keys are formed and encapsulated. Data went from server to client and client to server, finish🙏
Bro, he explained the basic structure 😊
You really want to learn whole syllabus in just one 5 min video😂
Thank you sir
😍
Thank you sir
Thanks sir ☺️