Ever wondered how your data stays secure when you browse your favorite websites? Let’s take a deep dive into the world of SSL encryption and uncover the magic that happens behind the scenes to protect your online adventures.
This diagram depicts the SSL interaction between client and server.
- One-way SSL: Commonly used where clients (e.g., web browsers) need to communicate securely with servers and authenticating the server is sufficient. Most web browsing and online shopping transactions use one-way SSL to protect the data exchanged between server and client; "one-way" refers to who is authenticated (only the server), not to the encryption, which protects both directions.
- Two-way SSL (mTLS): Used where both the server and the client need to verify each other’s identity. The server will often use the client certificate to authenticate the client, but this depends on the authentication approach configured on the server. Commonly employed in enterprise applications, APIs and financial systems where both parties must be trusted and authenticated.
- Session resumption: To optimise performance, a client (browser) that has previously connected to the same server can resume the existing session rather than negotiating a new one, which skips the certificate exchange and the full key agreement. This is achieved with session tickets.
Certificate Lifecycle Management:
- Certificate Issuance: The entity (e.g., a web server) requests a digital certificate from a Certificate Authority (CA), providing its public key and identification details. The CA verifies the entity’s identity and domain ownership through various validation methods. Once satisfied, the CA issues a digital certificate that contains the entity’s public key, identity information, and the CA’s digital signature.
- Certificate Distribution: The digital certificate is delivered to the web server by email, by download from the CA’s (Certificate Authority) website, or automatically using the ACME protocol.
- Certificate Storage: The web server stores the certificate, and above all its private key, securely. In the case of mTLS the client also stores its own certificate and key.
- Certificate Renewal: To ensure uninterrupted security, the web server must request renewal from the CA before the certificate expires.
- Key Management: Rotation, storage and protection of private keys, mainly the server’s, since possession of the private key is what proves the server is who its certificate says it is.
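To make the lifecycle above and the three handshake shapes from the top of the post concrete, here is a Go program written for this page as an added example; it is not code from the original post. It issues certificates the way the lifecycle list describes (CSR carrying the public key and identity, signature check by the CA, CA-signed certificate; the domain-ownership validation step is omitted), verifies the chain, applies a renewal threshold, and then runs a one-way handshake, a resumed one and a mutual one over loopback TCP, including a client with no certificate being refused by an mTLS server. The CA is an in-memory stand-in for a public CA, and the names api.example.test, client.example.test and Example Root CA are made up; only the Go standard library is used.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// newKey makes a P-256 key pair; the private half is what "Key Management" protects.
func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	return k
}

// sign has the signer's key sign tmpl for public key pub, chaining it to parent.
func sign(tmpl, parent *x509.Certificate, pub interface{}, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert
}

// NewCA builds a self-signed root. Assumption: this in-memory CA stands in for a public CA.
func NewCA() (*x509.Certificate, *ecdsa.PrivateKey) {
	key := newKey()
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Root CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(10, 0, 0),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	return sign(tmpl, tmpl, &key.PublicKey, key), key
}

// Issue plays both sides of "Certificate Issuance": the requester signs a CSR carrying its public
// key and identity; the CA checks that signature (proof of key possession) and signs a certificate.
// The domain-ownership validation a real CA performs between those two steps is omitted here.
func Issue(ca *x509.Certificate, caKey *ecdsa.PrivateKey, name string, key *ecdsa.PrivateKey,
	validFor time.Duration, usage x509.ExtKeyUsage) *x509.Certificate {
	csrDER, err := x509.CreateCertificateRequest(rand.Reader,
		&x509.CertificateRequest{Subject: pkix.Name{CommonName: name}, DNSNames: []string{name}}, key)
	check(err)
	csr, err := x509.ParseCertificateRequest(csrDER) // the CA sees only this, never the private key
	check(err)
	check(csr.CheckSignature())
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: csr.Subject,
		DNSNames: csr.DNSNames, NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(validFor),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{usage}}
	return sign(tmpl, ca, csr.PublicKey, caKey)
}

// NeedsRenewal is the "Certificate Renewal" trigger: renew once less than lead of validity is left.
func NeedsRenewal(c *x509.Certificate, now time.Time, lead time.Duration) bool {
	return now.Add(lead).After(c.NotAfter)
}

// Handshake runs one TLS 1.3 connection over loopback TCP and reports success and whether the
// session was resumed. Reusing the same configs across calls keeps the server's ticket keys and
// the client's session cache, which is what makes resumption possible.
func Handshake(srvCfg, cliCfg *tls.Config) (ok, resumed bool) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	check(err)
	defer ln.Close()
	errc := make(chan error, 1)
	go func() {
		conn, err := ln.Accept()
		check(err)
		srv := tls.Server(conn, srvCfg)
		defer srv.Close()
		if err = srv.Handshake(); err == nil {
			_, err = srv.Write([]byte("hi"))
		}
		errc <- err
	}()
	conn, err := net.Dial("tcp", ln.Addr().String())
	check(err)
	cli := tls.Client(conn, cliCfg)
	defer cli.Close()
	// Reading application data also consumes the post-handshake NewSessionTicket message.
	_, cerr := io.ReadFull(cli, make([]byte, 2))
	if serr := <-errc; cerr != nil || serr != nil {
		return false, false
	}
	return true, cli.ConnectionState().DidResume
}

// Result records what each scenario produced.
type Result struct{ OneWay, Resumed, MTLS, MTLSNoCert, RenewNow, RenewIn61Days bool }

// Demo chains the lifecycle steps, then runs one-way, resumed and two-way handshakes.
func Demo() Result {
	ca, caKey := NewCA()
	srvKey, cliKey := newKey(), newKey()
	day := 24 * time.Hour
	srvCert := Issue(ca, caKey, "api.example.test", srvKey, 90*day, x509.ExtKeyUsageServerAuth)
	cliCert := Issue(ca, caKey, "client.example.test", cliKey, 90*day, x509.ExtKeyUsageClientAuth)
	pool := x509.NewCertPool() // "Certificate Storage": the trust anchor every relying party keeps
	pool.AddCert(ca)
	_, err := srvCert.Verify(x509.VerifyOptions{Roots: pool, DNSName: "api.example.test"})
	check(err) // CA signature, validity window and name all verify
	r := Result{RenewNow: NeedsRenewal(srvCert, time.Now(), 30*day),
		RenewIn61Days: NeedsRenewal(srvCert, time.Now().Add(61*day), 30*day)}
	srvTLS := tls.Certificate{Certificate: [][]byte{srvCert.Raw}, PrivateKey: srvKey}
	oneWay := &tls.Config{Certificates: []tls.Certificate{srvTLS}, MinVersion: tls.VersionTLS13}
	mtls := &tls.Config{Certificates: []tls.Certificate{srvTLS}, MinVersion: tls.VersionTLS13,
		ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool}
	browser := &tls.Config{RootCAs: pool, ServerName: "api.example.test", MinVersion: tls.VersionTLS13,
		ClientSessionCache: tls.NewLRUClientSessionCache(8)}
	apiClient := &tls.Config{RootCAs: pool, ServerName: "api.example.test", MinVersion: tls.VersionTLS13,
		Certificates: []tls.Certificate{{Certificate: [][]byte{cliCert.Raw}, PrivateKey: cliKey}}}
	r.OneWay, _ = Handshake(oneWay, browser)   // one-way: only the server is authenticated
	_, r.Resumed = Handshake(oneWay, browser)  // same browser again: resumed from its session ticket
	r.MTLS, _ = Handshake(mtls, apiClient)     // two-way: the server verifies the client certificate too
	r.MTLSNoCert, _ = Handshake(mtls, browser) // two-way without a client certificate is refused
	return r
}

func main() {
	fmt.Printf("%+v\n", Demo())
}
```

Run it with `go run .`; the expected output is every field true except MTLSNoCert and RenewNow. Two details worth noticing: the server never receives the private key (it signs a CSR, which only carries the public key), and under TLS 1.3 the session ticket arrives after the handshake, so a client that closes the connection without reading never fills its session cache and never resumes.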
One response to “Decoding SSL interaction over the wire”