TLS握手的过程

翻译自 https://www.ibm.com/docs/en/ibm-mq/9.0?topic=tls-overview-ssltls-handshake

1. The TLS client sends a client hello message that lists cryptographic information such as the TLS version and, in the client’s order of preference, the CipherSuites supported by the client. The message also contains a random byte string that is used in subsequent computations. The protocol allows for the client hello to include the data compression methods supported by the client.

TLS客户端发送client hello，里面包含了加密的信息，如TLS version, client支持的加密方式，客户端随机字符串，如下图所示

2. The TLS server responds with a server hello message that contains the CipherSuite chosen by the server from the list provided by the client, the session ID, and another random byte string. The server also sends its digital certificate. If the server requires a digital certificate for client authentication, the server sends a client certificate request that includes a list of the types of certificates supported and the Distinguished Names of acceptable Certification Authorities (CAs).

TLS服务端响应server hello消息，包含了服务端选择的加密方式， session ID， 以及服务器端随机字符串。 服务器同时发送certificate给Client。 如果服务端要求客户端做证书验证，服务端会发起一个client certificate request（客户端证书验证请求），包含支持的加密方式和可接收的CA。
客户端验证不是必须的，它从另一层保证了client的真实有效性，避免了一些非法用户的攻击行为，但是同时也增加了服务器的资源开销。

3. The TLS client verifies the server’s digital certificate. For more information, see How TLS provides identification, authentication, confidentiality, and integrity.

client验证server的certificate

4. The TLS client sends the random byte string that enables both the client and the server to compute the secret key to be used for encrypting subsequent message data. The random byte string itself is encrypted with the server’s public key.

TLS client根据客户端和服务端的信息生成secret key，使用服务器证书的public key加密，然后发送给Server。后续的通信将采用该secret key做对称加密。

5. If the TLS server sent a client certificate request, the client sends a random byte string encrypted with the client’s private key, together with the client’s digital certificate, or a no digital certificate alert. This alert is only a warning, but with some implementations the handshake fails if client authentication is mandatory.

如果Serve要求client certificate request，那么client会发送client的certificate，同时使用client的certifcate私钥机密的随机字符串；如果客户端没有certificate，那么会给一个无证书的通告。这个通告仅仅是个告警，但是有些强制要求client验证的实现会导致tls握手失败。

6. The TLS server verifies the client’s certificate. For more information, see How TLS provides identification, authentication, confidentiality, and integrity.

如果收到client certificate，Server会验证client‘s certificate

7. The TLS client sends the server a finished message, which is encrypted with the secret key, indicating that the client part of the handshake is complete.

TLS client发送包含secret key的finished消息，表示client端TLS握手完成

8. The TLS server sends the client a finished message, which is encrypted with the secret key, indicating that the server part of the handshake is complete.

TLS server发送finished消息，表示server端TLS握手完成

9. For the duration of the TLS session, the server and client can now exchange messages that are symmetrically encrypted with the shared secret key.

握手完成后，整个session对话过程Server和Client可以使用协商好的secret key用对称加密方式通信了。