30 January, 2020

TLS 1.2, TLS 1.3, Cipher Suites and Session resumption

I was under the misconception that the Web Server will encrypt the data using its Private Key and the browser will decrypt using the corresponding Public Key available in X.509 certificate. I never knew the Session Key will be derived individually at the Client and Server using the Pre-shared Secret and other parameters. Only after watching the Troubleshooting with Wireshark: Analyzing and Decrypting TLS Traffic in Wireshark (Using HTTPs) Pluralsight course, I got the HTTPS enlightenment. The below articles provide more info about TLS 1.2, TLS 1.3, Cipher Suites and Session resumption:

Transport Layer Security (TLS)

Taking a Closer Look at the SSL/TLS Handshake

Cipher Suites: Ciphers, Algorithms and Negotiating Security Settings

What Happens in a TLS Handshake?

Keyless SSL: The Nitty Gritty Technical Details

The Illustrated TLS 1.2 Connection

The Illustrated TLS 1.3 Connection

We need to talk about Session Tickets

What's new with TLS 1.3

No comments:

Post a Comment