-2

I want to use the SSL protocol. SSL protocol uses port 443. During the initial handshake does the communication occur on port 80 or does the handshake start on port 443?

If not during the initial stage, then when port 443 comes into the picture?

schroeder
  • 123,438
  • 55
  • 284
  • 319
ssk
  • 69
  • 1
  • 2
  • 4
  • 2
    Can we assume that you have done some research on this? I'm reading the SSL wikipedia entry and it explain it plainly... – schroeder Oct 09 '14 at 18:45

2 Answers2

7

The short answer is this: When you connect on port 443, the entire handshake happens on port 443. This can be done in a secure fashion as a result of the Diffie-Hellman process, which allows public keys to be exchanged in the open without fear that the communication secret that results from the communication might be calculated or guessed by an attacker. Private keys held by each end of the communication line are used to calculate a new and unique encryption code that is currently impossible to calculate without access to the private keys, that are never shared over the network.

It is important to note that SSL is outdated and not in use frequently today; the process you refer to is actually based on TLS technology. Even though we refer to "SSL" connections and "SSL" certificates, we have abandoned SSL for TLS. TLS can be negotiated over port 80 or port 443. Whichever port is used, will be used for the entire handshake. Unless your server is configured to negotiate TLS over port 80, most browsers will assume that port 443 should be used and will try that port first.

In addition to providing security for HTTPS connections, TLS is also utilized in IMAP, SMTP, POP, and other common communication protocols. It is universally applicable.

Also, it is important to note that while we do not have sufficient processing power today to breach a TLS connection without an extremely high amount of luck (you have better chances of winning a lottery of your choice), regardless the port, it is possible that in some distant future that our computers will be fast enough and powerful enough to permute through all possible random-shared-secret possibilities to guess the encryption on this public-private key encryption system.

Rumors have circulated that government agencies are storing streamed data in hopes that a future computer will be able to decode the communications.

Bruno Rohée
  • 5,221
  • 28
  • 39
Jared Clemence
  • 191
  • 4
5

All the communication occurs on a single port. By convention this is usually port 443 for HTTPS.

From http://en.wikipedia.org/wiki/Transport_Layer_Security:

Since protocols can operate either with or without TLS (or SSL), it is necessary for the client to indicate to the server the setup of a TLS connection. There are two main ways of achieving this. One option is to use a different port number for TLS connections (for example, port 443 for HTTPS). The other is for the client to request that the server switches the connection to TLS using a protocol-specific mechanism (for example, STARTTLS for mail and news protocols).

Gene Gotimer
  • 1,445
  • 11
  • 11