TLS
Transport Layer Security
What is TLS?
What comes to mind when you hear of Transport Layer Security?
TLS Definition
TLS is a cryptographic protocol that provides end-to-end security of data sent between applications over the Internet.
Cryptic right?😓😢
Jargon aside What really is TLS?
To explain this we will first need to go through HTTP and HTTPS.
HTTP(Hypertext Transfer Protocol)
HTTP is the protocol used for browsing and viewing web pages. In HTTP all the data sent between client and server is sent in clear text. This is hugely vulnerable, because anyone who can observe the traffic on its way across the internet can listen in and read all of the information, which may include personal information like passwords and credit card numbers. It is for this reason that HTTPS was developed.
The diagram on the left shows exactly how this eavesdropping can happen; the eavesdropper can even manipulate the data in transit and pass on tampered data.
😖
This is where HTTPS comes in😃😎
What is HTTPS though?😐
HTTPS(Hypertext Transfer Protocol Secure)
This is HTTP with security. The ‘S’ literally stands for Secure.
The HTTPS protocol encrypts HTTP requests and responses, so even if a malicious person intercepts a message they are unable to make any sense of it and the data is useless to them.
Before this encryption can begin, a handshake is done to set ‘the ground rules’ for the communication.
An analogy to how HTTPS works would be sending valuables in an indestructible locked combination box. Only the sending and receiving parties know the combination, and if attackers get hold of the box they won’t get inside.
HTTPS uses encryption algorithms to scramble the data that is being transferred. You will notice when you open a secure website such as google.com there will be https at the beginning of the address, and browsers will also show a padlock icon. Browsers even go an extra mile and notify you if you visit a website that is not https, meaning the data exchange is not secured, e.g.
http://www.ku.ac.ke/
http://www.mit.edu/
http://www.nyu.edu/
TLS Definition Revisited
HTTPS secures data using one of 2 protocols:
1. SSL - however this has been deprecated.
2. TLS
Thus TLS, in much simpler terms, is the encryption protocol used by HTTPS to encrypt communication between browsers and servers over the internet.
Makes more sense now? I hope😊
I am a software developer, why should I care about TLS?
Without TLS, sensitive information such as logins, credit card details and personal details can easily be gleaned by others; browsing habits, e-mail correspondence, online chats and conference calls can also be monitored. By enabling client and server applications to support TLS, it ensures that data transmitted between them is encrypted with secure algorithms and not viewable by third parties.
Thus as a software developer it is imperative to have this knowledge in order to design secure servers that communicate safely with client browsers.
More Reasons...
Google, Safari, Firefox, and most other popular browsers now require this protocol for better rankings, geolocation, credit card data entry and more. The https security protocol also protects your website from unwanted ad injections that plague your visitors with intrusive, ugly, uninvited ads – which may contain malware.
Let's Get Technical😝
How does this TLS work?
The TLS protocol is designed to provide three essential services to all applications running above it:
Encryption - A mechanism to obfuscate what is sent from one host to another.
Authentication - A mechanism to verify the validity of provided identification material.
Data integrity - A mechanism to detect message tampering and forgery.
TLS has 3 versions:
● TLS 1.1 is pretty old and we will not discuss it.
● TLS1.2
● TLS1.3
TLS 1.2
The image on the left is a breakdown of the handshake from the earlier HTTPS slides. The client sends a number of specifications in plain text, such as the version of the TLS protocol it is running, the list of supported ciphersuites, and other TLS options it may want to use.
The server picks the TLS protocol version for further communication, decides on a ciphersuite from the list provided by the client, attaches its certificate, and sends the response back to the client. Optionally, the server can also send a request for the client’s certificate and parameters for other TLS extensions.
Assuming both sides are able to negotiate a common version and cipher, and the client is happy with the certificate provided by the server, the client generates the ‘master key’ for the RSA key exchange. This is the key that will be used for the rest of this communication.
The client then encrypts the ‘master key’ with the server’s public key and sends it over the internet.
Big security flaw😅.
This is because if someone captured this message and also had the server’s private key, they would have the keys to the entire kingdom (the entire communication).
PS. This has happened before😓
The server processes the key exchange parameters sent by the client, checks message integrity by verifying the MAC, and returns an encrypted Finished message back to the client.
And thus communication can start, with all messages encrypted by the ‘master key’.
This is somewhat safe, but due to the security flaw just described it is not entirely secure.
Where TLS 1.2 comes short
● There is the obvious security threat that comes with having the key sent over the internet.
● If you look at the handshake illustrated above, there are a lot of exchanges made just in order to send a simple GET request. This is in addition to other network overheads such as the TCP handshake, and it therefore makes this version of TLS very inefficient in terms of both data used and speed.
And Alas TLS1.3 comes to the rescue😁
TLS1.3
TLS1.3 is the new kid on the block, coming to replace TLS1.2. It employs a key exchange known as Diffie Hellman key exchange to mitigate the previously discussed security flaw and inefficiencies of TLS1.2.
And what could Diffie Hellman key exchange be? I hear you ask...
DIFFIE HELLMAN KEY GENERATION
This is a way of agreeing on a key without ever sending the actual key through the network: each party generates the key for itself.
The assumption in the picture is that if you combine the three colors you get the golden color. These colors represent keys. Please note that two of the three keys are private and only one is public. So if you add the three keys together you technically get the ‘master key’, which is what will be used for the communication.
The private keys belong to the client and the server. The name private is used intentionally, because these keys are never, ever sent through the internet.
However, the combination of the public key and a private key can itself be public. This is because the combination is technically unbreakable: any third party, despite having knowledge of the public key (pink), cannot easily separate the two.
Think of it like combining two types of juice, a blue colored juice and a pink colored juice, to form a gold colored juice. It would be very difficult, and would probably need a super lab, to separate the juice back into its two constituent juices.
Thus the red and blue (private keys) aren’t discoverable.
The client here generates the public key and its private key. The client sends the public key along with the combination of its private key plus the public key. Remember that this combination is inseparable.
The server receives a total of 2 keys: the public key and the combination. The server then generates its own private key and again combines it with the public key to form an inseparable combination. It sends this combination to the client.
The client can add the combination it got from the server to its private key to get the ‘master key’, and likewise for the server, and thus both parties securely have a key.
This process solves the security problem of TLS1.2, and as you can see setting up only takes 2 messages, thus lowering the amount of bandwidth used and the time spent. This is definitely waaay more efficient.
To get a more in depth explanation of this process please watch the video below:
https://www.youtube.com/watch?v=NmM9HA2MQGI
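The color exchange above, carried out with numbers, as an added example that is not part of the original deck. The public color is the pair (p, g), each side's private color is a secret exponent, the "inseparable combination" each side sends is g raised to its exponent mod p, and the golden master key is the value both sides compute at the end. The tiny prime 23 and generator 5 are constructed for illustration; real TLS 1.3 uses named groups with far larger numbers, but the arithmetic is the same, and the brute-force function shows why size is what makes the combination "inseparable".

```python
import secrets

# Added example. Toy public parameters (the "public color"): a small prime p and a
# generator g mod p. Constructed for illustration only; TLS 1.3 uses named groups
# such as 2048-bit finite-field or elliptic-curve groups, never values this small.
TOY_P = 23
TOY_G = 5


def make_keypair(p, g, priv=None):
    """Pick a private exponent (the party's private color) and compute the public share
    g^priv mod p (the private+public mixture that is safe to send over the network)."""
    if priv is None:
        priv = secrets.randbelow(p - 2) + 1     # 1 .. p-2, never reused between sessions
    return priv, pow(g, priv, p)


def shared_secret(p, peer_share, my_priv):
    """Mix the peer's share with my own private exponent: (g^b)^a == (g^a)^b mod p.
    TLS 1.3 then feeds this value into HKDF to derive the actual traffic keys."""
    return pow(peer_share, my_priv, p)


def run_exchange(p=TOY_P, g=TOY_G, client_priv=None, server_priv=None):
    """One TLS-1.3-style exchange: the ClientHello carries the client share, the
    ServerHello carries the server share, and both sides derive the same key."""
    a, client_share = make_keypair(p, g, client_priv)   # client keeps a, sends client_share
    b, server_share = make_keypair(p, g, server_priv)   # server keeps b, sends server_share
    client_key = shared_secret(p, server_share, a)
    server_key = shared_secret(p, client_share, b)
    return client_key, server_key


def on_the_wire(p, g, client_share, server_share):
    """Everything a passive observer of the two messages gets to see."""
    return {"p": p, "g": g, "client_share": client_share, "server_share": server_share}


def eavesdropper_discrete_log(p, g, share):
    """What the observer would have to solve to recover a private exponent from a share:
    the discrete logarithm. Brute force is instant for p = 23 and infeasible for a
    2048-bit p, which is the whole reason the mixture can be sent in the clear."""
    for x in range(1, p):
        if pow(g, x, p) == share:
            return x
    return None


if __name__ == "__main__":
    a, A = make_keypair(TOY_P, TOY_G, 6)
    b, B = make_keypair(TOY_P, TOY_G, 15)
    print("observer sees:", on_the_wire(TOY_P, TOY_G, A, B))
    print("client key:", shared_secret(TOY_P, B, a), "server key:", shared_secret(TOY_P, A, b))
    print("toy private exponent recovered by brute force:", eavesdropper_discrete_log(TOY_P, TOY_G, A))
```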
My server is on http, how do I upgrade if at all possible?
Step 1. Get ready
Before laying down any money on an SSL Certificate and changing your website, consider the task as a whole.
● Is sales ready? If you run a seasonal site, timing the HTTPS conversion at peak visitor times is not recommended. It is smart to expect downtime; that way, if it happens, you are prepared and it is during an off-time of day and sales cycle.
● Is your host ready? Before spending any money or configuring your site, make sure the host is capable of delivering an HTTPS website. For some hosts there may be some extra configuration involved, and they should help you with this.
● Is your team ready? Be sure to inform everyone involved in the switch that the website will be under maintenance—this includes sales teams, developers working on the site that you may need help from or will be working with, and visitors. Communication goes a long way.
Step 2. Purchase an SSL Certificate
Of all the steps, this is the quickest. Usually, website hosts sell SSL Certificates and will even do most of the configuring for you.
Step 3. Configure hosting with SSL Certificate
If your website host does not set up the SSL Certificate for you, it will be a matter of generating keys from the seller and pasting them into the website host control panel.
Once your website is configured properly, you will no longer see messages warning about invalid certificates when visiting HTTPS pages. You will probably need to clear your cache completely (not just use a Private Browsing window) to see these changes—when in doubt, ask someone who has never visited the site before to visit an HTTPS page of it.
Also to note, if you have not configured the actual website to be HTTPS friendly, you might get redirected back to the HTTP site. Every website host is a little different—some will have an entirely separate folder for HTTPS—so keep an open mind when getting things set up.
Step 4. Change all website links to HTTPS
Here is where all those years of hearing people say “use relative links” and “never hard-code your links!” will come into play (and now you can start saying it too and feel good about knowing why). Also, here is why using a Content Management System (CMS) will save some time as well.
So, assuming your SSL Certificate is all set up, start fixing any non-CMS generated links to how they should be:
Find all links on the website that are not generated by a CMS. This includes links to a CDN, links to pages, images, JavaScript, or anything that your website will use.
Change to relative link paths: if the link is “http://www.example.com/link” then it should be “/link”—this way, even if you are not quite ready to switch everything to HTTPS, these links will still work for an HTTP website. Be sure the links start with that first “/”, otherwise you will run into issues. Stumped?
Test it out: refresh the cache in your browser and on the website, then go to the page the link is on and give it a click. You can test this on either an HTTP or an HTTPS website; either way will work as a test.
Step 5. Set up 301 redirects from HTTP to HTTPS, or consider HSTS
For Apache-based websites, redirecting all incoming HTTP traffic, say from old Google links or dated links on other sites, to HTTPS can be accomplished fairly easily. The process may be different depending on your needs and setup.
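Steps 4 and 5 as working Python, added here as an example and not taken from the deck (which describes the redirect for Apache; this is a server-neutral illustration of the same logic). `rewrite_links` turns absolute links to the site's own hosts into root-relative `/path` links as Step 4 prescribes and leaves other hosts alone, `find_mixed_content` flags plain-http `src` references to other hosts that will be blocked once the page is served over HTTPS, and `redirect_to_https` plus `hsts_header` build the Step 5 response. The sample HTML, the host name `www.example.com` and the function names are constructed for this example.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Added example. Matches href="..." and src='...' attributes in HTML.
ATTR_RE = re.compile(r"""\b(href|src)=(["'])([^"']*)\2""", re.IGNORECASE)


def relativize(url, site_hosts):
    """Absolute http(s) URL on one of our own hosts -> root-relative path (Step 4).
    Anything else (other hosts, already-relative links, mailto:) is returned unchanged."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("http", "https"):
        return url
    if parts.netloc.lower() not in site_hosts:
        return url
    path = parts.path or "/"
    if path.startswith("//"):          # would become protocol-relative; leave for manual review
        return url
    return urlunsplit(("", "", path, parts.query, parts.fragment))


def rewrite_links(html, site_hosts):
    """Rewrite every href/src that points at our own hosts so the same page works over
    HTTP today and HTTPS after the switch, with no hard-coded scheme."""
    hosts = {h.lower() for h in site_hosts}

    def repl(match):
        attr, quote, url = match.groups()
        return f"{attr}={quote}{relativize(url, hosts)}{quote}"

    return ATTR_RE.sub(repl, html)


def find_mixed_content(html, site_hosts):
    """Plain-http subresources (src) on other hosts, e.g. a CDN. Relativizing cannot fix
    these; once the page is HTTPS the browser blocks or warns on them, so they need an
    https:// source instead."""
    hosts = {h.lower() for h in site_hosts}
    found = []
    for match in ATTR_RE.finditer(html):
        attr, _, url = match.groups()
        parts = urlsplit(url)
        if attr.lower() == "src" and parts.scheme.lower() == "http" \
                and parts.netloc.lower() not in hosts:
            found.append(url)
    return found


def redirect_to_https(host, target):
    """Step 5: answer a plain-HTTP request with a permanent redirect to the same host,
    path and query over HTTPS. `host` must already be validated against the site's own
    hostnames so a forged Host header cannot turn this into an open redirect."""
    return 301, {"Location": f"https://{host}{target}"}


def hsts_header(max_age=31536000, include_subdomains=False):
    """Strict-Transport-Security value for HTTPS responses. Browsers ignore it on plain
    HTTP, so send it only from the HTTPS site, and start with a short max_age until the
    whole site is known to work over HTTPS."""
    value = f"max-age={max_age}"
    if include_subdomains:
        value += "; includeSubDomains"
    return {"Strict-Transport-Security": value}


if __name__ == "__main__":
    sample = ('<a href="http://www.example.com/link">x</a>'
              '<img src="http://cdn.other.example/a.png">'
              '<script src="https://www.example.com/js/app.js"></script>')
    print(rewrite_links(sample, ["www.example.com"]))
    print("mixed content:", find_mixed_content(sample, ["www.example.com"]))
    print(redirect_to_https("www.example.com", "/link?x=1"))
    print(hsts_header(include_subdomains=True))
```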
Links
Below are some useful links that I used for research. Thanks a lot to the authors and creators.
Basic video Overview(Youtube Video) https://www.youtube.com/watch?v=hExRDVZHhig
TLS1.2 and 1.3 (Youtube Video) https://www.youtube.com/watch?v=AlE5X1NlHgg
Diffie hellman (Youtube Video) https://www.youtube.com/watch?v=NmM9HA2MQGI
TLS Basics https://www.internetsociety.org/deploy360/tls/basics/
TLS in depth reading https://hpbn.co/transport-layer-security-tls/
Thanks for your attention
Hope you learnt something.
