Muhammad Hasham

What Every Developer Must Know About SSL and TLS

SSL and TLS are often confused as if they were the same thing, but SSL is the predecessor of TLS. New versions of TLS have been released over the years to enhance security and support more advanced algorithms.

History

TLS was introduced back in 1999 as a new version of SSL 3.0. SSL died in 2014 due to the famous POODLE attack.

Terminologies:

People still use the term SSL, despite the fact that it is TLS that is actually being used.

The most important takeaway of this post is the mechanism of the TLS handshake that takes place between a client and a server.

It is a rather complex concept under the hood, but for brevity let's discuss the general idea.

TLS Handshake:

This is also known as TLS negotiation. After this process is completed, communication starts between the client and the server.

The first step is when the client tries to initiate a connection with the server over the network. In response, the server sends a public key with an encrypted certificate (a certificate is a file that is digitally bound to a cryptographic key and signed by a CA). The client has a list of valid certificates. The client verifies the public key against the certificates that it holds; if the public key is invalid and does not align with a certificate on the client side, the negotiation fails. If that succeeds, the client sends it back in encrypted form with the server's public key.

After the negotiation is successful, the client and server communicate over an encrypted channel.

This is the TLS handshake in general.
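In application code, whether the client actually performs the certificate check described above (and whether it still accepts the retired SSL-era protocol versions) is decided by the TLS context settings. The following is an added example, not code from the original post: it uses Python's standard `ssl` module, and the function names and the deliberately weak context are constructed for illustration.

```python
import ssl


def hardened_client_context() -> ssl.SSLContext:
    """Client context that enforces the handshake checks described above."""
    ctx = ssl.create_default_context()            # loads the system's trusted CA list
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSL 3.0, TLS 1.0 and TLS 1.1
    return ctx


def weak_client_context() -> ssl.SSLContext:
    """Constructed anti-pattern: settings often used to silence certificate errors."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE  # any certificate, from anyone, is accepted
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED  # oldest version the build offers
    return ctx


def audit_client_context(ctx: ssl.SSLContext) -> list:
    """Return one finding per handshake safeguard that the context has switched off."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified against trusted CAs")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the requested hostname")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions older than TLS 1.2 are allowed")
    return findings


if __name__ == "__main__":
    contexts = {
        "hardened": hardened_client_context(),
        "weak": weak_client_context(),
    }
    for name, ctx in contexts.items():
        findings = audit_client_context(ctx)
        print(f"{name}: {'OK' if not findings else 'FINDINGS'}")
        for finding in findings:
            print(f"  - {finding}")
```

With the weak context the handshake still completes and the channel is still encrypted, but the client no longer knows who it is talking to, so the negotiation never fails for an invalid certificate.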

THIS IS QUITE A GENERAL OVERVIEW. THERE IS A TON OF DETAIL, BUT THIS IS THE LEAST THERE IS TO KNOW.

Have any questions? Or just want to say 👋? @MohammadHasham_

Originally published at muhammadhasham.com/blog

Top comments (5)

Speeddymon

Misleading title. Came up in my Android news feed. Not "must know" information.

Muhammad Hasham

I totally respect your opinion. But what I believe is that knowing at least the basics of how communication over the internet works is important for a developer. TLS and SSL is one of the topics that I have seen most developers overlook :)

Speeddymon

I respect your opinion as well, but the article would be more helpful to developers if you also detailed why TLS is important and a bit more about how the overall protocol works. The handshake itself is of very minimal use to a developer like me.

Muhammad Hasham

Yes! As I have written down at the end, this concept goes into too much depth and detail. But that is just the basics.

Hope that helps you out. :-)

Dinesh Rathee

LetsEncrypt revoked around 3 million certs last night due to a bug that they found. Are you impacted by this? Check out:

DevTo
[+] dev.to/dineshrathee12/letsencrypt-...

GitHub
[+] github.com/dineshrathee12/Let-s-En...

LetsEncryptCommunity
[+] community.letsencrypt.org/t/letsen...