This blog is all about Cyber Security and IT

Tuesday, April 19, 2022

What happens when we type HTTPS in browser - Interview Question


Usually whenever I take Interview for any candidate related to security background. I must ask one question.

What happens when we type https://example.com

Mostly security people know answer this question. With this answer i come to know how in-depth knowledge candidate have in this domain. 

Let's try to understand the concept in a little brief.

Websites are secured by https protocol. But most of us do not have clear concept about how it really works. Let me give you a high level overview of how https works.


Suppose we are trying to access https://abc.com. After typing the url in address bar of browser when we press enter first SSL handshaking happens. 

First When we type a domain and click enter 

  • Domain Name resolve to IP address by DNS server and request reaches to the server we want to communicate with.
  • Then the server immediately responds to the initial connection by offering a list of encryption methods the webserver supports.
  • The client selects a connection method. Then the client and server exchange certificates to authenticate their identities for this first server sends its public certificate to the browser. 
  • After receiving that public certificate browser performs some tasks. 
  • First it validates signature of the certificate. For this it takes the value of Issued by field and search in Trusted Root Certification Authorities certificate store to get the public key of that authority. If it finds that public certificate it uses that to validate the signature of the public certificate received from abc.com. Popular certificates providers are VeriSign, GoDaddy etc.
  • Next it tries to match value of Issued to field with domain name(here abc.com). 
  • Next it checks validity period of that certificate to check it expired or not. 
  • After that it calls to check the revocation list of that certificate authority in the web to check is that certificate blacklisted or not.
  • If everything goes fine the browser generates a random key and encrypt the key with that public key got from server and sends that encrypted value to the server(abc.com). Because it is encrypted by the public key of abc.com no one except abc.com can decrypt it. When server(abc.com) got this encrypted key it uses its private key to decrypt it. Then both server(abc.com) and browser uses that random key sent from browser to encrypt, decrypt, sign and verify signature of all data sent or received between them in that communication. Thus using symmetric encryption data remains secured in https communication. 

1 comment:

  1. when ?May i ask any query on ur given mobile no. 9988663321...

    ReplyDelete