## TLS / SSL
Transport Layer Security wraps any TCP application in authentication, integrity and encryption. Asymmetric crypto authenticates the server and agrees a fast symmetric session key.
// TLS 1.2 handshake
CLIENT · SERVER
→ ClientHello · Versions, cipher list, random, SNI
ServerHello ← · Chosen cipher + server random
Certificate ← · Server cert chain
ServerKeyExchange ← · ECDHE params + HelloDone
→ ClientKeyExchange · Pre-master → both derive keys
→ Finished ⟷ Finished ← · ChangeCipherSpec — encrypted from here
After Finished everything is encrypted with the symmetric session key. TLS 1.3 collapses this to 1-RTT (cipher + key share in the first ClientHello) and supports 0-RTT resumption.
// cipher suite anatomy
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS · Protocol
ECDHE · Key exchange — ephemeral, gives PFS
RSA · Authentication — how the cert is signed
AES_128_GCM · Bulk cipher — symmetric + mode
SHA256 · MAC / PRF hash
// key facts
- Asymmetric crypto agrees a fast symmetric session key
- TLS 1.3 is 1-RTT (0-RTT resume) and drops RSA key exchange, RC4, SHA-1, CBC
- Forward secrecy (ECDHE) — past sessions stay safe if the key leaks
- SNI carries the hostname so one IP can serve many certs
- A CSR binds a public key to a name; a CA signs it
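
The suite anatomy and the key facts above, combined into one check (an added example, not code from the original page): it splits a TLS 1.2 suite name into its four fields and flags a missing ephemeral key exchange or anything the list says TLS 1.3 drops. The function names, finding tags and every sample name except the page's own suite are constructed for illustration; treating DHE as ephemeral alongside ECDHE goes beyond what the page states.

```python
import re

EPHEMERAL = {"ECDHE", "DHE"}  # assumption beyond the page: DHE is ephemeral too

# Constructed sample input; only the first name appears on the page.
SAMPLE_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_SHA",
]

def parse_suite(name):
    """Split a TLS 1.2 suite name into key exchange, auth, bulk cipher and hash."""
    m = re.fullmatch(r"TLS_(.+)_WITH_(.+)_([A-Z0-9]+)", name)
    if not m:
        # TLS 1.3 names (e.g. TLS_AES_128_GCM_SHA256) carry no kx/auth fields.
        raise ValueError(f"not a TLS 1.2 style suite name: {name!r}")
    kx_auth, bulk, digest = m.groups()
    parts = kx_auth.split("_")
    # A single field (TLS_RSA_WITH_...) means RSA does key exchange and auth.
    return {"kx": parts[0], "auth": parts[-1], "bulk": bulk, "hash": digest}

def audit_suite(name):
    """Return tags for properties the key facts warn about; empty list = clean."""
    s = parse_suite(name)
    findings = []
    if s["kx"] not in EPHEMERAL:
        findings.append("no-forward-secrecy")
    if s["bulk"].startswith("RC4"):
        findings.append("rc4")
    if s["bulk"].endswith("_CBC"):
        findings.append("cbc")
    if s["hash"] == "SHA":  # a bare "SHA" suffix means SHA-1
        findings.append("sha1")
    return findings

if __name__ == "__main__":
    for suite in SAMPLE_SUITES:
        print(f"{suite:48} {', '.join(audit_suite(suite)) or 'ok'}")
```

Export-grade and other three-field prefixes are outside what this parser models; feed it the names a server's configuration actually lists.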