Browser request life cycle

When a browser executes a request, it goes through several steps, including DNS name resolution and the SSL/TLS handshake process. Here’s a simplified overview of the process:

  1. User Input: The user enters a URL into the browser.

  2. DNS Lookup: The browser needs to find the IP address associated with the domain in the URL. It first checks its local cache and the operating system’s cache to see if the IP address is already known. If not, it makes a DNS query to a DNS server to resolve the domain name. Modern browsers also use a technique called “DNS prefetch,” where the browser sends DNS requests directly to a DNS server as the page is loading to resolve addresses before the user clicks on the next link.

  3. TCP Connection: Once the browser has the IP address, it opens a TCP connection to the server at that IP address. This involves a three-way handshake where the client sends a SYN packet, the server responds with a SYN/ACK packet, and the client sends an ACK packet.

  4. SSL/TLS Handshake: If the URL uses the HTTPS protocol, the browser and server perform an SSL/TLS handshake to establish a secure connection. This involves the exchange of encryption keys and the server’s SSL certificate. The browser verifies that the certificate is valid and was issued by a certificate authority it trusts.

  5. HTTP Request: The browser sends an HTTP request to the server. This includes the method (e.g., GET or POST), the path of the requested resource, and any additional headers or data.

  6. Server Response: The server processes the request and sends back an HTTP response. This includes a status code, headers, and the requested data (if available).

  7. Rendering: The browser parses the returned data and renders the webpage for the user to see.

This is a simplified overview, and the actual process can be more complex, involving additional steps and protocols depending on the specific circumstances. For example, the browser may need to make additional DNS queries and HTTP requests to fetch resources like images, scripts, and stylesheets. It may also need to handle redirects, cookies, and various other aspects of the HTTP protocol.

 

 


How Does SSL Handshake Work?

During the handshake, the client and the server set the security parameters for the connection and verify each other. In outline:

  • The client and the server agree on the SSL/TLS version and the cipher suites (groups of algorithms) to be used for security.
  • The server then transmits its SSL/TLS certificate to the client, which contains the server’s public key and other identifying information like the domain name.
  • The client ensures that the server is trustworthy by checking its certificate. It also verifies that the certificate is within its validity period and that the domain name matches the one in the certificate.
  • The client creates a symmetric session key for encrypting and decrypting data throughout the connection. It encrypts the session key with the server’s public key and sends it to the server.
  • The server verifies the client’s message is genuine by decrypting the session key with its private key.
  • The session key is used to encrypt and decrypt messages between the client and the server, protecting the confidentiality of the data being transferred between them.


SSL/TLS Handshake Process

  • The client starts the process by sending a “Hello” message to the server, which indicates that it is ready to establish a secure connection. The message lists the client’s cryptographic information, such as the SSL or TLS version and the supported CipherSuites, along with a random byte string.
  • The server then sends back its own “Hello” message, which carries its SSL/TLS certificate, CipherSuites, a session ID, and a random byte string.
  • The client uses the public key found in the certificate to confirm that the server is what it claims to be.
  • The client generates a secret key, the “pre-master secret”, and encrypts it with the server’s public key. This encrypted key is then sent from the client to the server.
  • If the server has sent a client certificate request, the client will send a random byte string encrypted with the client’s private key, together with the client’s certificate.
  • The SSL/TLS server will verify the certificate sent by the client.
  • The SSL/TLS client will send the “Finished” message, which indicates that the client’s part of the handshake is complete.
  • The SSL/TLS server will send the “Finished” message, which indicates that the server’s part of the handshake is complete.
  • When the SSL/TLS Handshake is complete, the server decrypts the pre-master secret with its private key and uses it to generate the shared secret key. Using this shared key, the client and server can independently create session keys to encrypt and decrypt their data during transmission.



The SSL/TLS handshake is an essential part of HTTPS, which is the protocol used to secure most websites today. When a user visits an HTTPS website, their browser will perform an SSL/TLS handshake with the server before exchanging any data. This ensures that the user is communicating with the correct website and that their data is protected from eavesdropping.


SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are both cryptographic protocols that provide secure communication over a computer network. They are used to protect data in transit between two applications, such as a web browser and a web server.

SSL is the older protocol, and it was superseded by TLS in 1999. However, the term "SSL" is still commonly used to refer to both protocols.

TLS is the newer and more secure protocol. It uses stronger cryptographic algorithms and has been updated to address security vulnerabilities in SSL.



Vikash Chauhan

C# & .NET experienced Software Engineer with a demonstrated history of working in the computer software industry.
