Stage 3 · Build
TLS & Certificate Management
The TLS Handshake
Cipher suites, key exchange, certificates, and session resumption.
What TLS Does
TLS (Transport Layer Security) provides three guarantees: confidentiality (encryption), integrity (no tampering), and authentication (prove server identity). It sits between TCP and the application layer, encrypting everything after the handshake.
Every HTTPS connection, every API call over TLS, every secure WebSocket -- they all start with a TLS handshake. Understanding this handshake is essential for debugging connection issues, certificate problems, and performance bottlenecks.
TLS 1.2 vs TLS 1.3
| Feature | TLS 1.2 | TLS 1.3 |
|---|---|---|
| Handshake RTTs | 2 RTT | 1 RTT (0-RTT with resumption) |
| Key exchange | RSA, DHE, ECDHE | ECDHE, DHE only (no RSA) |
| Cipher suites | Many (including weak) | 5 strong suites only |
| Forward secrecy | Optional | Mandatory |
| 0-RTT resumption | No | Yes (with replay risk) |
TLS 1.3 removed all legacy cipher suites and mandatory features. It is faster (fewer round trips), more secure (forward secrecy mandatory), and simpler (fewer negotiation options). Always prefer TLS 1.3.
The Handshake Step by Step
Client Server
| |
|--- ClientHello -------------------->|
| (supported versions, |
| cipher suites, key shares, |
| SNI, early data indication) |
| |
|<-- ServerHello ---------------------|
| (chosen version, cipher suite, |
| key share, certificate, |
| encrypted extensions, |
| certificate verify, finish) |
| |
|--- Finished ----------------------->|
| (keys derived, handshake done) |
| |
|<== Encrypted Application Data ===>|
explanation:
"In TLS 1.3, the server sends its certificate and key material in a single flight after the ClientHello. The client can start sending encrypted data immediately after its Finished message. Total: 1 round trip.",Client Server
|--- ClientHello -------------------->|
| (cipher suites, extensions) |
|<-- ServerHello ---------------------|
| (chosen cipher, certificate) |
|<-- ServerKeyExchange ---------------|
| (DH parameters) |
|<-- ServerHelloDone -----------------|
|--- ClientKeyExchange -------------->|
|--- ChangeCipherSpec --------------->|
|--- Finished ----------------------->|
|<-- ChangeCipherSpec ----------------|
|<-- Finished ------------------------|TLS 1.2 requires two full round trips before encrypted data can flow. The extra round trip is the ServerKeyExchange + ClientKeyExchange dance for Diffie-Hellman key agreement.
Cipher Suites
A cipher suite defines the algorithms used for key exchange, encryption, and authentication. TLS 1.3 simplified cipher suites significantly -- they only specify the AEAD encryption algorithm and hash function.
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256
Format: TLS_<encryption>_<mode>_<hash>
TLS 1.2 (legacy, avoid):
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384In TLS 1.3, key exchange is always ECDHE or DHE (forward secrecy). Authentication is separate from the cipher suite (handled by the certificate). This eliminates the confusing TLS 1.2 naming.
Session Resumption
Session resumption lets clients skip the full handshake on subsequent connections. TLS 1.3 uses Pre-Shared Keys (PSK) from a previous connection. This reduces the handshake to 0 round trips -- the client sends encrypted data immediately.
Client Server
| |
|--- ClientHello + early data ------->|
| (PSK identity, encrypted data) |
| |
|<-- ServerHello + finished -------->|
| (accepts PSK, derives keys) |
| |
|<== Application Data ==============>|
(early data sent immediately, no wait)With 0-RTT, the client sends application data in the first flight. This is fast but has a replay risk -- an attacker could replay the early data. Use 0-RTT only for idempotent requests (GET, not POST).
0-RTT data is not forward-secret and can be replayed. An attacker who captures the early data can replay it to the server. For idempotent operations this is fine, but never use 0-RTT for state-changing requests like payments.
Mark this lesson complete to store local progress and unlock a cleaner resume path the next time you visit.