TLS versus SSL
Both TLS and SSL are security frameworks that provide data encryption and authentication for web based applications to ensure data protection. An SSL and TLS handshake is a mechanism for web based applications which takes place just after the TCP handshake occurs between a client and a server. The handshake doesn’t encrypt anything on its own, but actually negotiates for a shared secret and encryption type which both sides agree on.
In the diagram below, we can see that just after the TCP and SSL handshake starts, a secure client sends a 'hello' message to the server with a supported set of ciphers. The server responds with a top support cipher and also shares its certificate with the public key:Â Â
Let's take a look at Wireshark to validate. A client sends all available cipher suits to a server marked in the black box:
In server hello, the sever sends the top cipher it can use for security, shown in the black box:
