4.3.27 · D5 · HinglishComputer Networks
Question bank — HTTPS — TLS handshake, certificates, CA
4.3.27 · D5· Coding › Computer Networks › HTTPS — TLS handshake, certificates, CA
True or false — justify
Padlock icon guarantee karta hai ki website honest aur safe hai.
False. Yeh sirf itna guarantee karta hai ki tum securely us domain ke asli owner se baat kar rahe ho; ek phishing site bhi perfectly valid certificate hold kar sakti hai. Authenticity honesty nahi hoti.
HTTPS sab kuch encrypt karta hai, including yeh bhi ki tum kaunsi website visit kar rahe ho.
False. Path aur query encrypt hote hain, lekin hostname cleartext mein SNI ke zariye jaata hai taaki server jaane ki kaun sa certificate bhejna hai. Sirf recent ECH/ESNI use karne se yeh bhi chupta hai.
Ek self-signed certificate CA-signed certificate se weaker encryption use karta hai.
False. Cryptography (AES, RSA/ECDHE) bilkul identical hoti hai; self-signed cert mein bas chain of trust nahi hoti jo root tak jaaye, isliye browser identity verify nahi kar sakta.
Certificate mein woh symmetric session key hoti hai jo page data encrypt karne ke liye use hoti hai.
False. Certificate mein server ki public key hoti hai authentication aur key-bootstrap ke liye. Bulk symmetric key har session mein fresh derive hoti hai aur kabhi transmit nahi ki jaati.
Ek baar TLS set up ho jaaye, toh HTTP ki zarurat nahi rehti.
False. HTTPS literally TLS tunnel ke andar HTTP hai — same GET/POST methods aur status codes encrypted form mein chalta rehta hai. Dekho HTTP — methods, status codes.
TLS tab chalta hai jab TCP connection establish nahi hua hota.
False. TLS ko ek reliable byte stream chahiye, isliye TCP — three-way handshake (SYN, SYN-ACK, ACK) pehle complete hota hai; uske baad TLS handshake uske upar shuru hoti hai.
Diffie–Hellman ke saath, shared secret wire ke upar encrypted form mein bheji jaati hai.
False. Secret kabhi nahi bheji jaati; har side ise independently apni private value aur doosre ki public value se compute karta hai.
Agar server ki private key kal leak ho jaaye, toh aaj record ki gayi sessions hamesha expose ho jaati hain.
False (with ECDHE). Ephemeral Diffie–Hellman har session ke baad apna key pair phek deta hai, jisse forward secrecy milti hai. Yeh sach hai sirf purane RSA key transport ke liye, jahaan leaked key recorded pre-master secrets ko decrypt kar deti hai.
Finished message optional hai aur sirf kehta hai "hum done hain."
False. Finished ek MAC hai poore handshake transcript ke upar; yeh prove karta hai ki kisi ne pehle ke cleartext negotiation messages ke saath tamper nahi kiya. Ise drop karna algorithm negotiation ko attackable chhod deta.
Ek CA certificate issue karne se pehle verify karta hai ki website owner ek trustworthy business hai.
False for domain-validated certs. Ek basic CA sirf yeh check karta hai ki tum domain control karte ho. Organisation ki vetting ek alag, mehenga tier hai (OV/EV).
Spot the error
"Hum sabse secure hone ke liye sab traffic ke liye asymmetric crypto use karte hain."
Asymmetric sirf bootstrap aur sign karne ke liye use hoti hai — yeh bulk data ke liye bahut slow hai. Fast symmetric key sab page bytes handle karta hai. Yeh hybrid split hi Symmetric vs Asymmetric Encryption ka poora point hai.
"Browser bank.com ko directly trust karta hai kyunki woh uska certificate pehchaanta hai."
Browser ek root CA ko trust karta hai jo uske trust store mein baka hua hai, bank.com ko nahi. Trust transitively flow karta hai: root → intermediate → leaf, har link ek verified signature hai. Dekho Public Key Infrastructure (PKI).
"Signature verify karne ke liye, tum signer ki private key se data decrypt karte ho."
Tum verify karte ho signer ki public key se; sirf signer ke paas private key hoti hai. Inhe mix karna Digital Signatures & Hashing ke poore security model ko ulta kar deta hai.
"Kyunki dono random nonces public hain, woh koi security add nahi karte."
Woh public hain, lekin har side ek contribute karta hai, isliye koi bhi akela party derived key control nahi kar sakta, aur pair har session ki keys ko unique banata hai — purani handshake ka replay defeat karta hai.
"Pre-master secret client aur server dono milke generate karte hain."
RSA key transport mein sirf client ise generate karta hai, phir server ki public key se encrypt karta hai. Sirf master secret dono PRF ke zariye compute karte hain.
"DH secure hai kyunki ko factor karna mushkil hai."
Mushkil problem hai discrete logarithm: se recover karna. Factoring RSA ki problem hai, ek alag assumption. Dekho Diffie–Hellman Key Exchange.
"Ek expired certificate phir bhi server ko authenticate karta hai, bas thoda untidy lagta hai."
Ek expired cert validity check tod deta hai, isliye browser ise trust nahi kar sakta. Expiry us window ko limit karti hai jisme ek key quietly compromise ho sakti hai, isliye yeh ek hard failure hai, cosmetic nahi.
"Kyunki TLS 1.3 1-RTT hai, woh server authenticate karna skip kar deta hai."
TLS 1.3 phir bhi certificate aur Finished bhejta hai; woh sirf pipeline karta hai key share ko ClientHello mein ek round trip bachane ke liye. Authentication intact rehta hai.
Why questions
Ek eavesdropper poora DH exchange record kar sakta hai phir bhi secret kyun nahi jaanta?
Woh aur dekhte hain lekin unhe chahiye; wahan pahunchne ke liye ya recover karne ke liye discrete log solve karna padega, jo computationally infeasible maana jaata hai.
TLS client aur server dono ke random values ko key mein kyun mix karta hai?
Taaki koi bhi side predictable key force na kar sake. Agar sirf ek ne randomness contribute ki hoti, toh ek compromised ya malicious peer key ko weak ya known value ki taraf steer kar sakta tha.
Agar Diffie–Hellman pehle se secret chhupaata hai, toh certificate ki zarurat kyun hai?
DH secret ko passive watchers se chhupaata hai lekin ek MITM do DH exchanges chala ke beech mein baith sakta hai. Certificate authenticate karta hai ki kiske public value ke saath tum combine kar rahe ho, MITM ko khatam karta hai.
Browser live fetch karne ki jagah root CA public keys ke saath kyun aata hai?
Root keys trust ka anchor hain; inhe network par fetch karna khud kisi already-trusted cheez par depend karta. Inhe bake in karna (ek out-of-band, vendor-vetted step) poori chain ko bootstrap karta hai.
Browser domain name ko sirf certificate ki signature ke saath nahi, certificate ke against kyun check karta hai?
attacker.com ke liye validly signed cert real hai — lekin ise bank.com authenticate nahi karna chahiye. Requested host ko cert ke naam se match karna ek valid cert ko wrong site ke liye reuse hone se rokta hai.TLS seedha pre-master secret ko key ki tarah use karne ki jagah PRF kyun use karta hai?
PRF one-way hai aur ek secret ko is session ke nonces se bound kai independent keys mein stretch karta hai (encryption, MAC, dono directions), taaki ek derived key ka leak doosri keys reveal na kare.
DNS ke zariye hostname resolve karna khud security provide kyun nahi karta?
DNS sirf ek naam ko IP address pe map karta hai; yeh prove nahi karta ki us IP par machine genuine hai. Yeh proof TLS ka kaam hai certificate ke zariye.
Edge cases
Agar certificate valid hai lekin uska domain name tumhare type kiye site se match nahi karta toh kya hota hai?
Browser ise reject karta hai (name-mismatch error).
example.net ka cert example.com ko authenticate nahi kar sakta, chahe perfectly signed ho.Agar server sirf aisi cipher suites offer kare jo client support nahi karta toh kya hota hai?
Handshake fail ho jaati hai bina kisi agreed suite ke; ServerHello ek choose nahi kar sakta, isliye koi secure channel nahi banta aur connection abort ho jaata hai.
Agar chain mein koi intermediate CA server ke response mein missing ho toh kya hota hai?
Verification break ho sakti hai kyunki browser leaf ko trusted root se bridge nahi kar sakta. Kuch browsers missing intermediate fetch karte hain, lekin ek sahi server ko full chain bhejna chahiye.
TLS 1.3 mein 0-RTT resumption apni speed ke liye kya sacrifice karta hai?
0-RTT mein early data replayable hota hai — ek attacker ise dobara bhej sakta hai — isliye yeh sirf idempotent, non-state-changing requests carry kar sakta hai.
Agar same page HTTP aur HTTPS dono par serve ho, toh kya uske cookies equally protected hain?
Nahi. Sirf HTTPS transfer encrypted aur integrity-checked hai; HTTP wala cleartext mein cookies leak karta hai, isliye "Secure" cookies plain HTTP par travel karne se refuse karti hain.
Agar ek root CA ki private key chori ho jaaye toh kya hota hai?
Ek attacker kisi bhi domain ke liye certs forge kar sakta hai, isliye us root ko revoke/distrust karke trust stores se remove karna padega — ek catastrophic, industry-wide event, isliye roots offline guard kiye jaate hain.