I was under the misconception that the Web Server will encrypt the data using its Private Key and the browser will decrypt using the corresponding Public Key available in X.509 certificate. I never knew the Session Key will be derived individually at the Client and Server using the Pre-shared Secret and other parameters. Only after watching the Troubleshooting with Wireshark: Analyzing and Decrypting TLS Traffic in Wireshark (Using HTTPs) Pluralsight course, I got the HTTPS enlightenment. The below articles provide more info about TLS 1.2, TLS 1.3, Cipher Suites and Session resumption:
Transport Layer Security (TLS)
Taking a Closer Look at the SSL/TLS Handshake
Cipher Suites: Ciphers, Algorithms and Negotiating Security Settings
What Happens in a TLS Handshake?
Keyless SSL: The Nitty Gritty Technical Details
The Illustrated TLS 1.2 Connection
The Illustrated TLS 1.3 Connection
We need to talk about Session Tickets
What's new with TLS 1.3
Transport Layer Security (TLS)
Taking a Closer Look at the SSL/TLS Handshake
Cipher Suites: Ciphers, Algorithms and Negotiating Security Settings
What Happens in a TLS Handshake?
Keyless SSL: The Nitty Gritty Technical Details
The Illustrated TLS 1.2 Connection
The Illustrated TLS 1.3 Connection
We need to talk about Session Tickets
What's new with TLS 1.3
No comments:
Post a Comment