Introduction to TLS
Overview
TLS (Transport Layer Security), the successor to SSL (Secure Sockets Layer), is the protocol that encrypts and authenticates connections between a client and a server; it is what lets a browser mark a website as "secure". In modern browsers the certificate and connection details can be viewed by clicking the padlock icon in the address bar.
TLS certificates are obtained from CAs (Certificate Authorities). Some free (as in price) CAs are Let's Encrypt, Buypass and ZeroSSL. You can request a TLS certificate for your hostname using an Automatic Certificate Management Environment (ACME) client such as OpenBSD's acme-client: the client proves to the CA that you control the hostname (for example by serving a challenge file over HTTP) and then downloads the issued certificate.
Once a certificate has been issued, it can be used together with its private key to authenticate and encrypt connections to your servers (such as your web server or IRC server).
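As an added example (not from the original page and not taken from the acme-client project's own documentation), this is the shape of an acme-client.conf that requests a certificate for one hostname from Let's Encrypt. The hostnames, file paths and the authority label are assumptions:

```conf
# /etc/acme-client.conf (added example; example.com and the paths are assumptions)
authority letsencrypt {
	api url "https://acme-v02.api.letsencrypt.org/directory"
	account key "/etc/acme/letsencrypt-privkey.pem"
}

domain example.com {
	alternative names { www.example.com }
	domain key "/etc/ssl/private/example.com.key"
	domain full chain certificate "/etc/ssl/example.com.fullchain.pem"
	sign with letsencrypt
}
```

acme-client answers the HTTP challenge by writing files under /var/www/acme, so httpd must serve "/.well-known/acme-challenge/*" for that hostname on port 80 from that directory (a location block with root "/acme" and request strip 2 in httpd.conf). Running `acme-client -v example.com` then creates the account and domain keys if they do not exist and fetches the certificate. Let's Encrypt certificates are valid for 90 days, so run the same command periodically (for example from cron) and reload the services that use the certificate when it changes.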
Details
These are the details of a TLS connection. It is not required to know how TLS actually works in order to use it, but it can be helpful.
Versions
Before TLS, SSL was used. The latest version of SSL is 3.0, and in order to maintain compatibility with devices, libraries and other network nodes, the RFCs encode TLS versions on the wire as 3.X, where X is 1 for TLS 1.0, 2 for TLS 1.1 and 3 for TLS 1.2. TLS 1.3 goes one step further: it still writes 3.3 into the version fields of the record and handshake headers and announces the real version (3.4) in a supported_versions extension instead, so that middleboxes which only understand older versions do not break the handshake. SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1 are all deprecated and should not be enabled on a server.
Connection initation
Each TLS connection begins with a message sent by the client, known as the Client Hello (ClientHello). It lists the versions, cipher suites and extensions the client supports, along with a random value. The server responds with a Server Hello (ServerHello), which carries the version and cipher suite the server selected from the client's list plus the server's own extensions. The server's certificate chain follows: in TLS 1.2 it is sent in a separate Certificate message in the clear, while in TLS 1.3 it is sent after the ServerHello and is already encrypted.
SNI
An important feature of TLS is SNI (Server Name Indication), an extension of the Client Hello in which the client states which hostname it wants to connect to. Without SNI the server cannot tell which certificate to present, so it is not possible to serve multiple domains/sites with different certificates on the same IP address. Unfortunately it also means that every TLS connection says where it is headed in plain text, because the Client Hello is sent before any encryption has been negotiated; anyone on the path can read the hostname. Encrypted Client Hello (ECH) is being standardised to close this gap.
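The three points above (the 3.X version encoding, the contents of the Client Hello, and the SNI hostname being readable on the wire) can be seen in one piece of code. The following is an added example, not code from the original page: it builds a TLS 1.3-capable ClientHello record and then parses it back the way a passive observer on the network could. The hostname, the fixed "random" bytes and the cipher suite list are constructed sample values.

```python
"""Build a ClientHello and parse it back to show what crosses the wire before
any encryption: the 3.X version fields, the offered cipher suites and, in the
clear, the SNI hostname.  Added example, not code from the original page.
All sample values (random bytes, cipher suites, hostname) are constructed."""
import struct

# Constructed sample values; a real client sends 32 fresh random bytes here.
SAMPLE_RANDOM = bytes(range(32))
# TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, ECDHE-ECDSA-AES128-GCM-SHA256
SAMPLE_CIPHER_SUITES = [0x1301, 0x1302, 0xC02B]

VERSION_NAMES = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1",
                 (3, 3): "TLS 1.2", (3, 4): "TLS 1.3"}
EXT_SERVER_NAME = 0          # RFC 6066
EXT_SUPPORTED_VERSIONS = 43  # RFC 8446


def build_client_hello(hostname, versions=(0x0304, 0x0303),
                       cipher_suites=SAMPLE_CIPHER_SUITES, random=SAMPLE_RANDOM):
    """Return a complete TLS record (record header + handshake) carrying a ClientHello."""
    host = hostname.encode("ascii")
    # server_name: 2-byte list length, then entries of (name_type=0, 2-byte length, hostname)
    entry = b"\x00" + struct.pack("!H", len(host)) + host
    sni_list = struct.pack("!H", len(entry)) + entry
    extensions = struct.pack("!HH", EXT_SERVER_NAME, len(sni_list)) + sni_list
    if versions:
        # supported_versions: 1-byte list length, then 2-byte versions in preference order
        vers = b"".join(struct.pack("!H", v) for v in versions)
        body = bytes([len(vers)]) + vers
        extensions += struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(body)) + body
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    hello = (
        b"\x03\x03"                                  # legacy_version: 3.3 even for TLS 1.3
        + random
        + b"\x00"                                    # legacy_session_id: empty
        + struct.pack("!H", len(suites)) + suites
        + b"\x01\x00"                                # compression_methods: null only
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello  # HandshakeType client_hello
    # record header: ContentType handshake(22), record version 3.1, 2-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def _u16(buf, pos):
    return struct.unpack("!H", buf[pos:pos + 2])[0]


def parse_client_hello(record):
    """Parse a ClientHello record the way a passive observer on the path could."""
    if record[0] != 0x16:
        raise ValueError("not a handshake record")
    hs = record[5:5 + _u16(record, 3)]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    info = {"record_version": (record[1], record[2]),
            "legacy_version": (body[0], body[1]),
            "cipher_suites": [], "sni": None, "supported_versions": []}
    pos = 2 + 32                       # skip legacy_version and random
    pos += 1 + body[pos]               # legacy_session_id
    cs_len = _u16(body, pos)
    pos += 2
    info["cipher_suites"] = [_u16(body, pos + i) for i in range(0, cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]               # compression_methods
    if pos < len(body):
        end = pos + 2 + _u16(body, pos)
        pos += 2
        while pos < end:
            etype, elen = _u16(body, pos), _u16(body, pos + 2)
            data = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if etype == EXT_SERVER_NAME:
                p = 2                  # skip the list length
                while p < len(data):
                    ntype, nlen = data[p], _u16(data, p + 1)
                    if ntype == 0:     # host_name, the only defined NameType
                        info["sni"] = data[p + 3:p + 3 + nlen].decode("ascii")
                    p += 3 + nlen
            elif etype == EXT_SUPPORTED_VERSIONS:
                n = data[0]
                info["supported_versions"] = [_u16(data, 1 + i) for i in range(0, n, 2)]
    return info


def highest_offered_version(info):
    """Version a server supporting everything would pick.  A TLS 1.3 server reads
    supported_versions first and falls back to legacy_version only when that
    extension is absent (RFC 8446 section 4.2.1)."""
    if info["supported_versions"]:
        v = max(info["supported_versions"])
    else:
        v = (info["legacy_version"][0] << 8) | info["legacy_version"][1]
    return VERSION_NAMES.get((v >> 8, v & 0xFF), "unknown 0x%04x" % v)


if __name__ == "__main__":
    record = build_client_hello("example.com")
    parsed = parse_client_hello(record)
    print("record version 3.%d, legacy_version 3.%d, offers %s"
          % (parsed["record_version"][1], parsed["legacy_version"][1],
             highest_offered_version(parsed)))
    print("SNI readable in cleartext:", parsed["sni"],
          "at byte offset", record.find(b"example.com"))
```

Passing versions=() omits the supported_versions extension, which produces a hello a pre-1.3 client would send; the parser then reports TLS 1.2 from legacy_version alone, matching the 3.X rule above. The same parse_client_hello works on a real ClientHello captured from a socket or pcap, which is the quickest way to confirm that the hostname of every TLS connection leaving a network is visible to anyone on the path.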