TLS and HTTPS

Transport Layer Security (TLS) is the cryptographic protocol that secures communication over the internet. HTTPS is simply HTTP running over TLS. Together, they protect the confidentiality, integrity, and authenticity of data exchanged between browsers and servers — and between any two networked systems.

---

SSL vs TLS — A Brief History

Version	Year	Status
SSL 2.0	1995	Broken — deprecated
SSL 3.0	1996	Broken (POODLE attack) — deprecated
TLS 1.0	1999	Deprecated (2020)
TLS 1.1	2006	Deprecated (2020)
TLS 1.2	2008	Secure — still widely used
TLS 1.3	2018	Current standard — recommended

Note: "SSL" is still commonly used colloquially, but all modern connections use TLS. SSL is obsolete.

---

What TLS Provides

Property	How TLS Achieves It
Confidentiality	Symmetric encryption (AES-GCM, ChaCha20-Poly1305)
Integrity	AEAD ciphersuites and HMAC
Authentication	Server certificates (X.509); optional client certificates
Forward secrecy	Ephemeral key exchange (ECDHE)

---

The TLS 1.2 Handshake

TLS 1.2 requires two round trips before encrypted data can be exchanged:

sequenceDiagram
  participant Client
  participant Server
  Client->>Server: ClientHello (TLS version, cipher suites, client random) [Round 1]
  Server->>Client: ServerHello (chosen cipher suite, server random)
  Server->>Client: Certificate
  Server->>Client: ServerKeyExchange (ECDHE params)
  Server->>Client: ServerHelloDone
  Client->>Server: ClientKeyExchange [Round 2]
  Client->>Server: ChangeCipherSpec
  Client->>Server: Finished (encrypted)
  Server->>Client: ChangeCipherSpec
  Server->>Client: Finished (encrypted)
  Note over Client,Server: Encrypted Application Data

---

The TLS 1.3 Handshake

TLS 1.3 reduces the handshake to one round trip and removes legacy insecure options:

sequenceDiagram
  participant Client
  participant Server
  Client->>Server: ClientHello (TLS 1.3, supported groups, key shares, signature algorithms) [Round 1]
  Server->>Client: ServerHello
  Server->>Client: EncryptedExtensions
  Server->>Client: Certificate
  Server->>Client: CertificateVerify
  Server->>Client: Finished
  Client->>Server: Finished
  Note over Client,Server: Encrypted Application Data

TLS 1.3 also supports 0-RTT (Zero Round Trip Time)

• The client can send encrypted data in the first message for resumed connections
• Caution: 0-RTT data is vulnerable to replay attacks — servers must handle this carefully

---

Key Improvements in TLS 1.3

Feature	TLS 1.2	TLS 1.3
Handshake round trips	2	1 (+ 0-RTT for resumption)
Key exchange	RSA, DHE, ECDHE	ECDHE only (forward secrecy mandatory)
Cipher suites	Many (including insecure options)	Only 5 AEAD cipher suites
Encryption of handshake	Partially encrypted	Mostly encrypted (from ServerHello onward)
RSA key transport	Supported	Removed (no forward secrecy)
Compression	Supported	Removed (CRIME attack)
Renegotiation	Supported	Removed (complexity and attacks)

TLS 1.3 Cipher Suites

Cipher Suite	Encryption	Hash
TLS_AES_256_GCM_SHA384	AES-256-GCM	SHA-384
TLS_AES_128_GCM_SHA256	AES-128-GCM	SHA-256
TLS_CHACHA20_POLY1305_SHA256	ChaCha20-Poly1305	SHA-256
TLS_AES_128_CCM_SHA256	AES-128-CCM	SHA-256
TLS_AES_128_CCM_8_SHA256	AES-128-CCM-8	SHA-256

---

Certificate Validation in TLS

When a browser connects via HTTPS, it validates the server's certificate: