https://www.youtube.com/watch?v=cuR05y_2Gxc
The client sends a hello message. What is included in that hello message?
The protocol version number (TLS 1.2, 1.3, and so on), and also the cipher suites that the client can support.
The server side should support those. (The server side can be configured to support some suites and not others because of vulnerabilities.) The server side chooses which cipher suite will be used, based on the ones that the client supports.
The server side sends a hello message back to the client, along with a certificate that includes the server’s public key. The client can use this public key to encrypt things, and then the server can decrypt them using its private key. (Asymmetric encryption is in place.)
The client checks whether it is a valid certificate (whether it is revoked or not).
The server also sends a “hello done” message to the client, and the hello part ends.
At that point, the client creates a “pre-master secret” (something like a session key), encrypts it with the server’s public key, and sends it to the server (Key Exchange, Change Cipher Spec). Now both client and server calculate the same symmetric key from the pre-master secret. From that point on, the client and server communicate with symmetric encryption, using that symmetric key. The client then sends a “Client finished” message to the server.
(RSA, elliptic curve and Diffie-Hellman algorithms may be used in that key exchange process.)
The server sends a “Change Cipher Spec” message, which means “OK, now I am switching from asymmetric encryption to symmetric encryption”. This is an advantage for bulk encryption because symmetric encryption is faster.
The server sends a “Server finished” message.
And then the bulk data is encrypted and transferred. (AES can be used.)