Explained in 10–15 minutes. save this post before your next interview.
We use it every day — HTTP. we all know that it is a protocol, widely used everywhere. and we also know: Https is a “certificate version” of HTTP, and it is secure.
But what exactly happened to make it secure? Let's get into the details.
#1 TCP Handshake
Https is on top of TCP. same as every TCP connection, 3 steps handshake is happening.
A standard TCP handshake flow. the only part to highlight is that this “feature” in TCP is to “make sure” the message being sent must be delivered. HTTPS is built on top of TCP to make sure the same thing happens (using ack and seq). details
#2 Certificate checking
A couple of things happening:
#1 client sent the server its supported cipher suite (explained below).
#2 Server replies with the “selected cipher suite”(which server “thinks” is most secure) to be used later.