Why it matters
All modern web traffic uses TLS. Understanding it enables debugging cert issues, optimizing handshake latency, and reasoning about security.
Advertisement
The architecture
Handshake: client hello (supported ciphers), server hello + certificate, key exchange, verify certificate, derive session keys.
Data: symmetric encryption of data using session keys. AES-GCM typical.
Advertisement
How it works end to end
Certificate: X.509. Signed by CA. Contains public key + identity.
Cert chain: server → intermediate CA → root CA. Client verifies chain to trusted root.
SNI: Server Name Indication. Sent unencrypted in handshake; enables multi-cert servers.
TLS 1.3: 1-RTT handshake, removed insecure ciphers, mandatory perfect forward secrecy.