Computer Networks
HTTPS and TLS
Lesson Objectives
- Understand TLS's three guarantees: confidentiality, integrity, authentication
- Walk through TLS 1.2 vs TLS 1.3 handshakes and see the one-RTT win of 1.3
- Tell apart symmetric (AES, ChaCha20) and asymmetric (RSA, ECDHE) crypto and why both are needed
- Understand the role of the X.509 certificate, the CA, the chain of trust, and SNI
- Use openssl s_client to debug TLS issues
Every time you enter a password or card number, your data passes through dozens of routers. Without TLS, any of them could peek. The padlock in the browser is a mathematical guarantee that your secrets are protected.
- **Required for SEO:** Google ranks HTTPS sites higher
- **Browser requirement:** Chrome marks HTTP as 'Not Secure'
- **PCI DSS:** the standard makes HTTPS mandatory for accepting payments
Prerequisites
TLS Handshake
**TLS** (Transport Layer Security) is an encryption protocol that sits between HTTP and TCP. HTTPS = HTTP over TLS. Before transmitting data, the client and server perform a **handshake**: they agree on encryption parameters and exchange keys.
**TLS 1.3** reduced the handshake to 1-RTT (one round-trip). TLS 1.2 required 2-RTT. For repeated connections there is **0-RTT**: data is sent together with the ClientHello, but that early data is exposed to replay attacks.
**Why not SSL?** SSL is an outdated name (SSL 3.0 → TLS 1.0). All SSL versions and TLS 1.0/1.1 are vulnerable. Use only TLS 1.2+ (preferably 1.3). 'SSL certificate' is a marketing term - it's really a TLS certificate.
How many round-trips (RTT) does a TLS 1.3 handshake take?
Certificates
A **certificate** is a digital document proving ownership of a domain. It contains the server's public key, domain name, validity period, and a Certificate Authority (CA) signature. The browser validates the certificate before establishing a connection.
A **wildcard certificate** (`*.example.com`) covers all first-level subdomains: api.example.com, www.example.com. It does NOT cover a.b.example.com. That name needs a separate certificate or its own SAN (Subject Alternative Name) entry.
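The wildcard rule above, as an added example that is not part of the original lesson: a simplified name matcher showing why `*.example.com` covers one label only. The function names and the SAN lists are constructed for illustration; production code should leave hostname checks to the TLS library.

```python
def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate name (maybe a wildcard) covers hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # A wildcard stands in for exactly one label, so the label counts must match.
    if "" in h or len(p) != len(h):
        return False
    # The wildcard is accepted only as the whole left-most label.
    if any("*" in label for label in p[1:]):
        return False
    if p[0] == "*":
        # Require at least two fixed labels, so a name like "*.com" is rejected.
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in p[0]:
        return False  # partial wildcards such as "a*.example.com" are refused here
    return p == h


def cert_covers(san_names, hostname: str) -> bool:
    """A certificate covers a host if any of its SAN entries matches it."""
    return any(name_matches(name, hostname) for name in san_names)


if __name__ == "__main__":
    # Constructed SAN lists, not taken from any real certificate.
    wildcard_only = ["*.example.com"]
    with_extra_san = ["*.example.com", "example.com", "a.b.example.com"]
    for host in ["api.example.com", "www.example.com",
                 "a.b.example.com", "example.com"]:
        print(f"{host:18} wildcard only: {cert_covers(wildcard_only, host)!s:5} "
              f"with extra SANs: {cert_covers(with_extra_san, host)}")
```
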
What is stored in a server certificate?
Certificate Authorities (CA)
A **CA** (Certificate Authority) is an organization that issues certificates. Browsers trust a list of root CAs (about 100-150). The CA signs a certificate with its private key. The browser verifies the signature with the CA's public key.
**Let's Encrypt** is a free automated CA. It issues Domain Validation (DV) certificates. To verify domain ownership it uses the ACME protocol: you place a file on the server or create a DNS record.
Why does the browser trust the certificate for example.com?
Symmetric and Asymmetric Encryption
TLS uses **both types** of encryption. **Asymmetric** (RSA, ECDH) is used for key exchange (slow, but the exchange is secure). **Symmetric** (AES, ChaCha20) is used for encrypting data (fast). This is a **hybrid cryptosystem**.
**Forward Secrecy (PFS):** ECDHE generates a new key for each session. Even if the server's private key is stolen later, previously recorded sessions cannot be decrypted - the ephemeral keys are already deleted.
What is asymmetric encryption used for in TLS?
HTTPS in Action
**HTTPS** = HTTP + TLS. Runs on port 443. Provides: **confidentiality** (encryption), **integrity** (data not altered), **authentication** (this is definitely the right server). Without HTTPS, data is visible to everyone on the network.
**HSTS** (HTTP Strict Transport Security) is a header requiring HTTPS, for example `Strict-Transport-Security: max-age=31536000; includeSubDomains`. The browser remembers this and won't allow access over HTTP, even accidentally.
The padlock in the browser means the site is safe
The padlock only means the connection is encrypted, not that the site itself is safe
Phishing sites also get certificates (Let's Encrypt issues to everyone). Padlock ≠ trustworthy site. It only means: data between you and THIS server is encrypted. Check the domain!
What does HTTPS NOT protect?
Key Ideas
- **TLS** encrypts the channel; TLS 1.3 = 1-RTT handshake
- **Certificate** binds a public key to a domain; signed by a CA
- **Hybrid encryption:** ECDH for key exchange, AES for data
- **HTTPS** = confidentiality + integrity + authentication
Related Topics
TLS is the foundation of internet security:
- HTTP/2 and HTTP/3 — HTTP/2 requires TLS; HTTP/3 embeds encryption in QUIC
- Cookies — The Secure flag requires HTTPS
- VPN — TLS is used in OpenVPN; similar principles
Questions for Reflection
- Why do self-signed certificates trigger a warning?
- How does Forward Secrecy protect past sessions?
- Why can phishing sites have a padlock?