TLS Handshake
TLS establishes encryption and authenticates the server before HTTP exchange.
Verify in Practice��
openssl s_client -connect api.example.com:443 -servername api.example.com
curl -v https://api.example.com/health
Common Problems
- Certificate expired or missing intermediate CA.
- Hostname mismatch between SNI and SAN/CN.
- Unsupported protocol or cipher overlap.
TLS Version Evolution
| Version | Year | Key Changes | Status |
|---|---|---|---|
| TLS 1.0 | 1999 | Based on SSL 3.0 | ❌ Deprecated (RFC 8996) |
| TLS 1.1 | 2006 | Security improvements | ❌ Deprecated (RFC 8996) |
| TLS 1.2 | 2008 | AEAD ciphers (AES-GCM), SHA-256 | ✅ Widely used |
| TLS 1.3 | 2018 | 1-RTT handshake, PFS mandatory | ✅ Recommended |
TLS 1.2 vs TLS 1.3 Handshake
TLS 1.2 Handshake (2-RTT)
Client Server
│ │
│──── ClientHello ──────────────│
│<─── ServerHello ─────────────│
│<─── Certificate ─────────────│
│<─── ServerKeyExchange ────────│
│<─── ServerHelloDone ─────────│
│ │
│──── ClientKeyExchange ───────│
│──── ChangeCipherSpec ────────│
│──── Finished ────────────────│
│<─── ChangeCipherSpec ────────│
│<─── Finished ────────────────│
│ │
│==== Application Data =========│
TLS 1.3 Handshake (1-RTT)
Client Server
│ │
│──── ClientHello + Key Share ──│ ← Client sends key share immediately
│<─── ServerHello + Key Share ─│ ← Server responds with key + cert
│<─── Certificate ─────────────│
│<─── Finished ────────────────│
│──── Finished ────────────────│
│ │
│==== Application Data =========│ ← Only 1 round trip!
TLS 1.3 Key Improvements:
- 1-RTT handshake (down from 2-RTT in TLS 1.2)
- 0-RTT resumption for returning connections
- Perfect Forward Secrecy (PFS) is mandatory, not optional
- Removed insecure algorithms: RSA key exchange, CBC-mode ciphers, MD5/SHA-1, RC4, DES
- Simplified cipher suites: Only 5 approved (vs hundreds in TLS 1.2)
Certificate Chain Validation
Root CA (self-signed, trusted by browser/OS)
└── Intermediate CA
└── End-entity Certificate (your domain)
Validation steps:
- Check certificate has not expired
- Verify signature chain back to trusted Root CA
- Check hostname matches certificate's Subject Alternative Name (SAN)
- Verify certificate is not revoked (OCSP or CRL)
- Check Certificate Transparency (CT) log inclusion
mTLS (Mutual TLS)
In standard TLS, only the client verifies the server. In mTLS, the server also verifies the client:
- Used in Service Mesh (Istio, Linkerd) for zero-trust networking
- Each service has its own certificate
- Eliminates need for shared secrets between services
- Certificate rotation handled automatically by mesh control plane
Let's Encrypt & ACME
Automated certificate management:
# Install certbot
apt install certbot
# Obtain certificate for nginx
certbot --nginx -d example.com -d www.example.com
# Auto-renewal (certbot installs a cron job)
certbot renew --dry-run
- Free certificates via Let's Encrypt
- ACME protocol automates domain validation and certificate issuance
- Certificates are 90-day with automatic renewal
- Widely adopted: >300M certificates issued