Jump to content

[HTTPS] a handshake at each request ?


Recommended Posts


I am working around the HTTPS protocol.

I made two request with my web browser:

1- request the login page

2-send my credential toward the server

I was inspecting my network mark, but I discover the HTTPS handshake is made each time the client (web browser) is making a web request. As you can see:


Is it a normal behaviour ? Making a new secret primary key each time isn't too weighty ?

I thought only one primary key was created at the outcome of the handshake and then use each time a new web request was made.

Feel free to explain me :)


Edited by pierre
Link to comment
Share on other sites

I am trying to type this on phone so bear with me.


That is normal.  Keys are valid per tcp session, or per number of bytes sometimes.  They are always per session which is not the same as your web session.  Tcp sessions end when fin is sent, or rst sent.  Pretty much you getting the page is a session.  You submitting/posting is another session.  Each request is a new session so new keys are built.

Link to comment
Share on other sites

But the SSL session ID don't change from the two request (even if Iknow you are talking about TCP session ID):



I even get a warning message because the same session keys seem to be re-used !

But a new handshake is occuring, so why is the same session id and key (symetric primary key ?) generated again to cipher the exchange ?

Edited by pierre
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...