[HTTPS] a handshake at each request ?

[pierre]

Hello,

I am working around the HTTPS protocol.

I made two request with my web browser:

1- request the login page

2-send my credential toward the server

I was inspecting my network mark, but I discover the HTTPS handshake is made each time the client (web browser) is making a web request. As you can see:

Is it a normal behaviour ? Making a new secret primary key each time isn't too weighty ?

I thought only one primary key was created at the outcome of the handshake and then use each time a new web request was made.

Feel free to explain me :)

Thanks

Edited March 28, 2018 by pierre

[PoSHMagiC0de]

I am trying to type this on phone so bear with me.

 

That is normal.  Keys are valid per tcp session, or per number of bytes sometimes.  They are always per session which is not the same as your web session.  Tcp sessions end when fin is sent, or rst sent.  Pretty much you getting the page is a session.  You submitting/posting is another session.  Each request is a new session so new keys are built.

[pierre]

But the SSL session ID don't change from the two request (even if Iknow you are talking about TCP session ID):

I even get a warning message because the same session keys seem to be re-used !

But a new handshake is occuring, so why is the same session id and key (symetric primary key ?) generated again to cipher the exchange ?

Edited March 29, 2018 by pierre