The client confirms the validity of the certificate before proceeding.
The certificate contains the server name, the trusted certificate authority (CA) that vouches for the authenticity of the certificate, and the server's public encryption key.
The protocols use a handshake with an asymmetric cipher to establish not only cipher settings but also a session-specific shared key with which further communication is encrypted using a symmetric cipher. Once the client and server have agreed to use TLS, they negotiate a stateful connection by using a handshaking procedure. Another mechanism is for the client to make a protocol-specific request to the server to switch the connection to TLS for example, by making a STARTTLS request when using the mail and news protocols. For example, port 80 is typically used for unencrypted HTTP traffic while port 443 is the common port used for encrypted HTTPS traffic. One of the main ways of achieving this is to use a different port number for TLS connections. Since applications can communicate either with or without TLS (or SSL), it is necessary for the client to request that the server sets up a TLS connection. 8 Support for name-based virtual serversĬlient-server applications use the TLS protocol to communicate across a network in a way designed to prevent eavesdropping and tampering.7.1.2 Client-authenticated TLS handshake.6.1.13 Survey of websites vulnerable to attacks.6.1.12 Implementation errors: Heartbleed bug, BERserk attack, Cloudflare bug.6.1.2 Downgrade attacks: FREAK attack and Logjam attack.