📓
ainzzorl's wiki
  • Intro
  • Pet Projects
    • Good Code
    • LangFlipFlop
    • Soccer Adjectives
    • Word Highlighter
    • News Digest
    • Algorithms in Kotlin
    • rustorcli
  • Tech
    • Tech Articles
    • Algorithms
      • Distributed Hash Table (DHT)
      • RSA
      • Seam Carving
      • Fibonacci Heaps
      • Suffix trees, suffix arrays, etc.
    • Technologies
      • Threads vs Events
      • TLS
      • GPU
      • Web Sockets
      • OSI Model
    • Open Source
      • Homebrew
      • Standard Notes
      • LiChess
    • Bash
    • Raft
    • Quantum Computing
    • GFS
    • MapReduce
    • ZooKeeper
  • Courses
    • MIT 6.824: Distributed Systems
      • Primary-Backup Replication
      • Object Storage on CRAQ
      • Aurora
      • Cache Consistency: Frangipani
      • Takeways
      • Distributed Transactions
      • Midterm
      • Spanner
      • FaRM
      • Spark
      • Cache Consistency: Memcached at Facebook
    • Page 2
    • MIT 6.854/18.415: Advanced Algorithms + Stanford CS168: The Modern Algorithmic Toolbox
  • Math
    • Fourier Transform
    • Probabilities & Statistics
  • Places
    • Moscow
  • Books
    • Page 1
    • Page 1
    • Page 1
    • Page 1
    • Page 1
    • Tobol Mnogo Zvannyh - Ivanov
    • The Twelve Chairs/12 стульев - Ilf, Petrov
    • Beauty is a Wound - Eka Kurniawan
    • The Queen of Spades/Пиковая Дама - Pushkin
    • The Sirens of Titan - Kurt Vonnegut
    • Обитель - Захар Прилепин
    • The Faithful Executioner - Joel Harrington
    • City of Lies: Love, Sex, Death, and the Search for Truth in Tehran - Ramita Navai
    • June/Июль - Dmitry Bykov/Дмитрий Быков
    • East of Eden - John Steinbeck
    • Como Agua Para Chocolate/Like Water for Chocolate - Laura Esquivel Valdés
    • The Kukotski Enigma/Казус Кукоцкого - Lyudmila Ulitskaya/Людмила Улицкая
    • Ancillary Justice - Ann Leckie
    • Career of Evil - JK Rowling
    • The Signal and the Noise - Nate Silver
    • Don't Sleep, There are Snakes - Daniel Everett
    • Оправдание Острова - Eugene Vodolazkin
    • A Place Called Winter - Patrick Gale
    • 1491: New Revelations of the Americas Before Columbus - Charles C. Mann
    • Трудно Отпускает Антарктида - Vladimir Sanin
    • Klara and the Sun - Kazuo Ishiguro
    • The History of My Contemporary/История Моего Современника - Vladimir Korolenko
    • Life at the Speed of Light - Craig Venter
    • Misery - Stephen King
    • And Then There Were None - Agatha Christie
    • A Kim Jong-Il Production - Paul Fischer
  • Cooking
    • Marinated Mushrooms
    • Pea Soup
    • Fried Potato
    • Chimichurri
    • Komendantsky Sauce
    • Spicy mushroom marinara
    • Bruschetta
    • Solyanka with Mushrooms
    • Tofu Scramble
    • Bean Spaghetti
    • Salsa
    • Baked Mushrooms
    • Lentil Soup
    • Веганство в Москве
  • Misc Research
    • Recycling
    • Sailing Upwind
    • Viruses
  • Misc Reading
    • Harry Potter - Rowling Writing
  • Fitness
  • Languages
    • Spanish
    • Language Classification
  • Juggling
  • Life Advice
Powered by GitBook
On this page

Was this helpful?

  1. Tech
  2. Technologies

TLS

PreviousThreads vs EventsNextGPU

Last updated 3 years ago

Was this helpful?

Handshake:

  • The handshake begins when a client connects to a TLS-enabled server requesting a secure connection and the client presents a list of supported ( and ).

  • From this list, the server picks a cipher and hash function that it also supports and notifies the client of the decision.

  • The server usually then provides identification in the form of a . The certificate contains the , the trusted (CA) that vouches for the authenticity of the certificate, and the server's public encryption key.

  • The client confirms the validity of the certificate before proceeding.

  • To generate the session keys used for the secure connection, the client either:

    • encrypts a (PreMasterSecret) with the server's public key and sends the result to the server (which only the server should be able to decrypt with its private key); both parties then use the random number to generate a unique session key for subsequent encryption and decryption of data during the session

    • uses to securely generate a random and unique session key for encryption and decryption that has the additional property of forward secrecy: if the server's private key is disclosed in future, it cannot be used to decrypt the current session, even if the session is intercepted and recorded by a third party.

Certificate:

  • "A digital certificate certifies the ownership of a public key by the named subject of the certificate, and indicates certain expected usages of that key. This allows others (relying parties) to rely upon signatures or on assertions made by the private key that corresponds to the certified public key."

https://en.wikipedia.org/wiki/Transport_Layer_Security
cipher suites
ciphers
hash functions
digital certificate
server name
certificate authority
random number
Diffie–Hellman key exchange
What is a TLS/SSL certificate, and how does it work?