Jump to content

[HTTPS] a handshake at each request ?


Recommended Posts

Posted (edited)

Hello,

I am working around the HTTPS protocol.

I made two request with my web browser:

1- request the login page

2-send my credential toward the server

I was inspecting my network mark, but I discover the HTTPS handshake is made each time the client (web browser) is making a web request. As you can see:

image.png.02beaa7bf939cfa15d5c8fa2496359ef.png

Is it a normal behaviour ? Making a new secret primary key each time isn't too weighty ?

I thought only one primary key was created at the outcome of the handshake and then use each time a new web request was made.

Feel free to explain me :)

Thanks

Edited by pierre
Posted

I am trying to type this on phone so bear with me.

 

That is normal.  Keys are valid per tcp session, or per number of bytes sometimes.  They are always per session which is not the same as your web session.  Tcp sessions end when fin is sent, or rst sent.  Pretty much you getting the page is a session.  You submitting/posting is another session.  Each request is a new session so new keys are built.

Posted (edited)

But the SSL session ID don't change from the two request (even if Iknow you are talking about TCP session ID):

image.thumb.png.bc7746bc2968820bd3b267ec11912ac0.png

image.thumb.png.7477598c55eed8274313873b37965f65.png

I even get a warning message because the same session keys seem to be re-used !

But a new handshake is occuring, so why is the same session id and key (symetric primary key ?) generated again to cipher the exchange ?

Edited by pierre

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...