4.3.27Computer Networks

HTTPS — TLS handshake, certificates, CA

2,220 words10 min readdifficulty · medium

WHY does HTTPS exist?

Plain HTTP sends everything in cleartext over TCP. Anyone on the path (your café Wi-Fi, your ISP, a router) can:

  • Read your passwords/cookies (no confidentiality),
  • Modify the page (inject ads/malware → no integrity),
  • Impersonate the server (pretend to be your bank → no authenticity).

The building blocks (WHAT you must already know)

WHY two kinds of crypto? Asymmetric is secure for identity but slow. Symmetric is fast but needs a shared secret. So we use asymmetric once to safely set up a symmetric key, then symmetric for everything else. This is the hybrid idea at the heart of TLS.


Certificates & the CA — solving "who is the public key?"

Key exchange alone is useless if an attacker can sit in the middle (MITM) and hand you their public key. We need proof the public key belongs to bank.com.


The TLS 1.2 handshake — derived step by step

We build it from the three goals, asking "why is this message needed?"

Figure — HTTPS — TLS handshake, certificates, CA

TLS 1.3 (modern, 1-RTT)

TLS 1.3 streamlines this: the ClientHello already includes a DH key share; the server replies with its share + cert + Finished. Data can flow after 1 round trip (or 0-RTT for resumption). Only forward-secret ECDHE/DHE suites remain.


Diffie–Hellman mini-derivation (the magic of shared secrets)


Common mistakes (Steel-man + fix)


Recall Feynman: explain to a 12-year-old

Imagine you want to whisper a secret to a shopkeeper, but you've never met them and the street is full of pickpockets. First you ask for their ID card stamped by the town mayor you already trust — that proves they're the real shopkeeper, not an imposter (certificate + CA). Then you both invent a shared secret password in a clever way so even watchers can't figure it out (key exchange / Diffie–Hellman). From then on you talk in a code only the two of you know (symmetric encryption). The pickpockets see gibberish. That whole "show ID, agree on secret code" greeting is the handshake.


Flashcards

What two protocols make up HTTPS and on which port?
HTTP + TLS, port 443.
What three security guarantees does TLS provide?
Confidentiality, integrity, authentication.
What binds a domain name to a public key and who signs it?
A certificate; signed by a Certificate Authority (CA).
What is the chain of trust?
Leaf cert → intermediate(s) → root, each signed by the next, ending at a root in the browser's trust store.
Why use both asymmetric and symmetric crypto in TLS (hybrid)?
Asymmetric securely bootstraps a shared secret (slow), then fast symmetric crypto encrypts bulk data.
What does the client encrypt with the server's public key in RSA key transport?
The pre-master secret.
What is the master secret derived from?
PRF(pre-master secret, client random, server random).
What is forward secrecy and which exchange gives it?
Past sessions stay safe even if the long-term key leaks later; provided by ephemeral Diffie–Hellman (ECDHE).
What does the Finished message protect?
The integrity of the whole handshake transcript (detects tampering with earlier cleartext messages).
Why is a self-signed cert untrusted by browsers?
No chain to a trusted root CA, so identity can't be verified.
Does a valid cert mean the site is honest?
No — it only proves you're securely talking to the real domain owner; phishing sites can have valid certs.
What hard problem makes Diffie–Hellman secure?
The discrete logarithm problem (recovering aa from gamodpg^a \bmod p).
How many round trips for a full TLS 1.3 handshake?
1 RTT (0-RTT for resumption).
What part of the URL is visible even with HTTPS (classic TLS)?
The domain name via SNI; path/query are encrypted.

Connections

  • HTTP — methods, status codes
  • TCP — three-way handshake (TLS rides on top of an established TCP connection)
  • Symmetric vs Asymmetric Encryption
  • Diffie–Hellman Key Exchange
  • Digital Signatures & Hashing
  • Public Key Infrastructure (PKI)
  • DNS (resolves the domain whose cert you then verify)

Concept Map

vulnerable to

motivates

wraps

equals HTTP plus

provides

bootstraps

and enables

encrypts

achieved via

uses

signs

signs

verified via

anchored in

HTTP cleartext

Read Modify Impersonate

HTTPS on port 443

TLS tunnel

Confidentiality Integrity Authentication

Asymmetric crypto

Symmetric cipher AES-GCM

Digital signature

Bulk data fast

TLS handshake

Certificate binds domain to public key

Certificate Authority

Chain of trust leaf to root

Browser trust store

Hinglish (regional understanding)

Intuition Hinglish mein samjho

Dekho, HTTPS ka matlab simple hai: normal HTTP ko ek encrypted tunnel ke andar daal dena. Yeh tunnel banata hai TLS, port 443 par. Iske teen kaam hain — koi tumhara data padh na sake (confidentiality), koi beech mein badal na sake (integrity), aur tum sach mein usi server se baat kar rahe ho jiska naam dikh raha hai (authentication). Bina iske, café WiFi par koi bhi tumhara password chura sakta hai.

Sabse bada sawaal: server ka public key sahi hai ya fake? Yahan aata hai certificate aur CA (Certificate Authority). Certificate ek signed document hai jo bolta hai "yeh public key bank.com ka hai", aur usko ek trusted CA (jaise Let's Encrypt) sign karti hai. Tumhare browser mein pehle se root CA ke keys pade hain. Verification hota hai chain of trust se: leaf cert ko intermediate sign karta hai, intermediate ko root — aur root tumhare browser ko already trusted hai. Agar chain tut jaye, browser warning deta hai.

Handshake ka flow yaad rakho: ClientHello (random rc bhejo), ServerHello (random rs), Certificate (server apni ID dikhata hai), phir client ek pre-master secret banakar server ke public key se encrypt karke bhejta hai — sirf asli server hi apne private key se kholega. Dono milke PRF se master secret aur session keys banate hain, bina key bheje. Phir ChangeCipherSpec + Finished, aur bas — ab sab kuch AES jaise fast symmetric cipher se encrypt hota hai. Asymmetric crypto sirf shuru mein "secret set up" karne ke liye, kyunki woh slow hai; baaki kaam fast symmetric karta hai — isko hybrid kehte hain.

Ek important point: certificate ka matlab "site safe/imaandar hai" nahi hai — sirf itna ki tum sahi domain owner se securely baat kar rahe ho. Phishing site bhi valid cert le sakti hai! Aur modern TLS 1.3 mein ECDHE use hota hai jo forward secrecy deta hai — yaani agar server ka private key future mein leak ho jaye, tab bhi tumhari purani recorded baat-cheet safe rehti hai. Exam aur real life dono ke liye yeh gold hai.

Go deeper — visual, from zero

Test yourself — Computer Networks

Connections