bytedisorder

Nerdical recommendations, and musings — more questions than answers — for engineers

TLS Connections Byte by Byte

Many engineers have configured applications with certificates, but do not understand how those certificates are actually used. TLS, which supersedes SSL, is the network protocol on which HTTPS and so many other secure protocols are built. If you develop or operate a service that uses TLS, it is worth understanding how this all works, especially if you hope to debug an issue in the protocol or perform a proper audit of your network security.

Understanding TLS today is as essential as understanding TCP – it’s that prevalent. If you’re unsure about the steps involved in establishing secure communications, still think about “SSL connections”, or are unaware of TLS versions such as 1.1, 1.2, and 1.3 then it’s probably time to dive a bit deeper into this topic.

To start learning the basics of TLS see the following Computerphile videos:

Watch: Transport Layer Security (TLS) - Computerphile :: 16m

Watch: TLS Handshake Explained - Computerphile :: 17m

For how TLS 1.3 increases security and reduces response latency, the following is a great resource:

Watch: TLS 1.3 Handshake - Practical Networking :: 18m

With that out of the way try some deeper learning and look into the bytes sent over the network:

Read: The Illustrated TLS 1.3 Connection

Does your application support or require HTTPS or TLS 1.3? Is plain HTTP, or a TLS version below 1.3, a threat to your security posture? Could you benefit from the latency improvements in TLS 1.3? It is clear that how we secure network traffic is changing drastically, especially when we consider the release of DTLS. Now is a better time than ever to review the standards behind that conversation.
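To make "looking into the bytes" concrete, and to answer the question of whether a client actually offers TLS 1.3, here is an added example (written for this page, not code from the post or from the linked resources) that walks a ClientHello record field by field with only the Python standard library. The sample ClientHello is constructed in the block itself, so it runs offline; the hostname `example.com`, the cipher-suite list and the 32 zero bytes of `random` are made-up test values. The security-relevant detail it demonstrates is that a TLS 1.3 client still writes 0x0303 (TLS 1.2) into `legacy_version`, so an audit that reads only that field under-reports: the `supported_versions` extension (type 43) is where 1.3 is advertised.

```python
import struct

# Constants from RFC 5246 (TLS 1.2) and RFC 8446 (TLS 1.3)
CONTENT_TYPE_HANDSHAKE = 0x16
HANDSHAKE_CLIENT_HELLO = 0x01
EXT_SERVER_NAME = 0x0000
EXT_SUPPORTED_VERSIONS = 0x002B
TLS12, TLS13 = 0x0303, 0x0304
VERSION_NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", TLS12: "TLS 1.2", TLS13: "TLS 1.3"}


def _vec(payload: bytes, length_bytes: int) -> bytes:
    """Length-prefixed vector, the building block of the whole TLS wire format."""
    return len(payload).to_bytes(length_bytes, "big") + payload


def build_client_hello(hostname: str, cipher_suites, versions, random=bytes(32)) -> bytes:
    """Construct a sample ClientHello record (test input for this example, not a capture).
    A client that offers TLS 1.3 still writes 0x0303 into legacy_version and lists
    its real versions in the supported_versions extension; a 1.2-only client omits it."""
    sni_entry = b"\x00" + _vec(hostname.encode("ascii"), 2)  # name_type host_name(0)
    sni_ext = struct.pack("!H", EXT_SERVER_NAME) + _vec(_vec(sni_entry, 2), 2)
    sv_ext = b""
    if TLS13 in versions:
        sv_list = b"".join(struct.pack("!H", v) for v in versions)
        sv_ext = struct.pack("!H", EXT_SUPPORTED_VERSIONS) + _vec(_vec(sv_list, 1), 2)
    hello = (
        struct.pack("!H", TLS12) + random                                   # legacy_version, random
        + _vec(b"", 1)                                                      # legacy_session_id: empty
        + _vec(b"".join(struct.pack("!H", c) for c in cipher_suites), 2)    # cipher_suites
        + _vec(b"\x00", 1)                                                  # compression: null only
        + _vec(sni_ext + sv_ext, 2)                                         # extensions
    )
    handshake = bytes([HANDSHAKE_CLIENT_HELLO]) + _vec(hello, 3)
    # Record layer: type, legacy_record_version (0x0301 for the first flight), length
    return bytes([CONTENT_TYPE_HANDSHAKE]) + struct.pack("!H", 0x0301) + _vec(handshake, 2)


def parse_client_hello(record: bytes) -> dict:
    """Walk a ClientHello record byte by byte and return the fields an audit cares about."""
    ctype, rec_version, rec_len = struct.unpack_from("!BHH", record, 0)
    if ctype != CONTENT_TYPE_HANDSHAKE:
        raise ValueError(f"not a handshake record: content type {ctype:#x}")
    body = record[5:5 + rec_len]
    if len(body) != rec_len:
        raise ValueError("truncated record")
    hs_type, hs_len = body[0], int.from_bytes(body[1:4], "big")
    if hs_type != HANDSHAKE_CLIENT_HELLO:
        raise ValueError(f"not a ClientHello: handshake type {hs_type:#x}")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len:
        raise ValueError("truncated handshake message")

    legacy_version = struct.unpack_from("!H", hello, 0)[0]
    pos = 2 + 32                                        # skip legacy_version and random
    pos += 1 + hello[pos]                               # legacy_session_id (length + bytes)
    cs_len = struct.unpack_from("!H", hello, pos)[0]
    pos += 2
    cipher_suites = [struct.unpack_from("!H", hello, pos + i)[0] for i in range(0, cs_len, 2)]
    pos += cs_len
    pos += 1 + hello[pos]                               # legacy_compression_methods
    extensions = {}
    if pos < len(hello):                                # extensions block is optional before 1.3
        ext_len = struct.unpack_from("!H", hello, pos)[0]
        pos += 2
        end = pos + ext_len
        while pos < end:
            etype, elen = struct.unpack_from("!HH", hello, pos)
            pos += 4
            extensions[etype] = hello[pos:pos + elen]
            pos += elen

    # supported_versions is authoritative; without it the client offers at most legacy_version.
    if EXT_SUPPORTED_VERSIONS in extensions:
        sv = extensions[EXT_SUPPORTED_VERSIONS]
        versions = [struct.unpack_from("!H", sv, 1 + i)[0] for i in range(0, sv[0], 2)]
    else:
        versions = [legacy_version]
    server_name = None
    if EXT_SERVER_NAME in extensions:
        sni = extensions[EXT_SERVER_NAME]
        name_len = struct.unpack_from("!H", sni, 3)[0]  # after list length (2) + name_type (1)
        server_name = sni[5:5 + name_len].decode("ascii")
    return {
        "record_version": rec_version,
        "legacy_version": legacy_version,
        "cipher_suites": cipher_suites,
        "versions": versions,
        "max_version": VERSION_NAMES.get(max(versions), f"{max(versions):#06x}"),
        "offers_tls13": TLS13 in versions,
        "server_name": server_name,
    }


if __name__ == "__main__":
    modern = build_client_hello("example.com", [0x1301, 0x1302, 0xC02F], [TLS13, TLS12])
    print(parse_client_hello(modern))
    legacy = build_client_hello("example.com", [0xC02F], [TLS12])
    print(parse_client_hello(legacy))
```

The parser deliberately checks every length it trusts from the wire (record, handshake message, extension list) before slicing, which is the habit you want when the same code is pointed at a real capture instead of a constructed one.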