
SSL/TLS: Complete Conceptual Guide

Running a web service today means HTTPS is not optional — it's mandatory. Search engine rankings, browser security warnings, and user trust all depend on it. This chapter covers SSL/TLS mechanics and how to apply them to real servers.


SSL vs TLS

SSL (Secure Sockets Layer) was the encryption protocol Netscape developed in the 1990s. SSL 3.0 was its last version; after serious vulnerabilities such as POODLE were found, its use was formally prohibited (RFC 7568), as SSL 2.0's had been earlier (RFC 6176).

TLS (Transport Layer Security) is the standard protocol that succeeded SSL. TLS 1.0 and 1.1 are deprecated as well (RFC 8996). Only TLS 1.2 and TLS 1.3 should be used today.

By convention people still say "SSL certificate" and "SSL configuration," but in practice everything is TLS.

Version         Status
SSL 2.0, 3.0    🚫 Prohibited (RFC 6176, RFC 7568)
TLS 1.0, 1.1    🚫 Deprecated (RFC 8996)
TLS 1.2         ✅ Currently acceptable
TLS 1.3         ✅ Recommended (latest, fastest)

Two Encryption Methods

Symmetric Encryption

The same key encrypts and decrypts. Fast, but the key must be exchanged securely.

[Alice] ──(encrypt with shared key)──▶ ciphertext ──▶ [Bob] ──(decrypt with shared key)──▶ plaintext

Representative algorithms: AES-128, AES-256, ChaCha20

Asymmetric Encryption (Public-Key Cryptography)

A key pair is used: what the public key encrypts, only the private key can decrypt, and what the private key signs, anyone holding the public key can verify. The public key can be shared freely; the private key never leaves its owner.

[Alice]  encrypt with Bob's public key ──▶ ciphertext ──▶ [Bob]  decrypt with private key ──▶ plaintext

Representative algorithms: RSA-2048, RSA-4096 (encryption and signatures), ECDSA with P-256 or P-384 (signatures only)

TLS combines both:

  1. Asymmetric cryptography establishes the session: the server proves its identity with a signature made by its certificate's private key, and the two sides agree on a shared session key (in modern TLS through ephemeral Diffie-Hellman; in the legacy RSA key exchange the client encrypted the secret to the server's public key)
  2. Application data is then protected with the faster symmetric cipher under that session key; the expensive asymmetric operations happen once per handshake, not once per record

TLS Handshake Flow

TLS 1.2 Handshake (2 round trips, RSA key exchange shown)

[Client]                                        [Server]
    │                                               │
    │── ClientHello ───────────────────────────────▶│  TLS version, cipher suites, random
    │                                               │
    │◀────────────────── ServerHello ───────────────│  chosen TLS version, cipher suite, random
    │◀────────────────── Certificate ───────────────│  server certificate (contains public key)
    │◀────────────────── ServerHelloDone ───────────│
    │                                               │
    │── ClientKeyExchange ─────────────────────────▶│  pre-master secret encrypted with the server's public key
    │── ChangeCipherSpec ──────────────────────────▶│  switching to encryption
    │── Finished ──────────────────────────────────▶│  MAC over the whole handshake
    │                                               │
    │◀────────────────── ChangeCipherSpec ──────────│
    │◀────────────────── Finished ──────────────────│
    │                                               │
    │══════════════ Encrypted HTTP traffic ═════════│

Encrypted data can only flow after two full round trips. With an ECDHE cipher suite (the only TLS 1.2 choice that gives forward secrecy) the server additionally sends a ServerKeyExchange message carrying its ephemeral public value, signed with the certificate's private key, and ClientKeyExchange carries the client's ephemeral value instead of an encrypted pre-master secret.

TLS 1.3 Handshake (1 round trip)

TLS 1.3 reshapes the handshake so that key exchange happens in the first flight: the client guesses the key-agreement group, sends its ephemeral key share inside ClientHello, and the server answers with its own share. Both sides can then derive the handshake keys, so everything after ServerHello is already encrypted (shown in braces).

[Client]                                        [Server]
    │                                               │
    │── ClientHello + KeyShare ────────────────────▶│  supported versions, cipher suites, ephemeral key share
    │                                               │
    │◀────────────────── ServerHello + KeyShare ────│  chosen suite, server's ephemeral key share
    │◀────────────────── {Certificate} ─────────────│  already encrypted
    │◀────────────────── {CertificateVerify} ───────│  signature over the transcript with the certificate's private key
    │◀────────────────── {Finished} ────────────────│
    │                                               │
    │── {Finished} ────────────────────────────────▶│
    │                                               │
    │══════════════ Encrypted HTTP traffic ═════════│

Application data can flow after one round trip (with session resumption, 0-RTT data can even ride on the ClientHello, at the cost of being replayable). TLS 1.3 also removed the legacy machinery: RSA key transport, static DH, CBC and RC4 suites, compression and renegotiation are gone, and every key exchange is ephemeral (EC)DHE, so forward secrecy is always on.
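The following simplified model of the 1-RTT exchange above is an added example written for this guide; it is not code from the page or from any TLS library. Each side sends an ephemeral key share in its Hello, both derive matching handshake traffic secrets with HKDF (RFC 5869), and each proves it with a Finished MAC over the transcript. To stay readable it assumes a toy 127-bit Diffie-Hellman group in place of X25519/P-256, shortened key-schedule labels in place of RFC 8446's HkdfLabel structure, and leaves out the Certificate/CertificateVerify messages; the structure is otherwise the one the diagram shows, and the ephemeral exponent discarded at the end is the mechanism behind the forward secrecy discussed later in this chapter.

```python
"""Simplified model of the TLS 1.3 1-RTT handshake (added example, not a TLS library).

Real structure: ephemeral key share in each Hello, HKDF key schedule, Finished = HMAC over
the transcript hash. Deliberate simplifications, all assumptions for illustration:
  * toy 127-bit finite-field DH group instead of X25519 / P-256
  * shortened HKDF labels instead of RFC 8446's "tls13 <label>" HkdfLabel encoding
  * no Certificate / CertificateVerify (server authentication) messages
"""
import hashlib
import hmac
import secrets

# Toy DH group: p = 2**127 - 1 (the Mersenne prime M127), generator 3. Far too small to be
# secure; chosen only so the numbers fit on screen (assumption for illustration).
P = (1 << 127) - 1
G = 3
SHARE_LEN = 16  # bytes needed to encode a group element < 2**127


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869, SHA-256): PRK = HMAC(salt, IKM)."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC(PRK, T(i-1) || info || i), concatenated and truncated."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def transcript_hash(*messages: bytes) -> bytes:
    return hashlib.sha256(b"".join(messages)).digest()


class Party:
    """One endpoint holding a fresh ephemeral DH key pair for this connection only."""

    def __init__(self) -> None:
        self.random = secrets.token_bytes(32)
        self._ephemeral_priv = secrets.randbelow(P - 3) + 2    # exponent in [2, P-2]
        self.key_share = pow(G, self._ephemeral_priv, P)

    def hello(self) -> bytes:
        """ClientHello / ServerHello as bytes: random || key_share (toy wire encoding)."""
        return self.random + self.key_share.to_bytes(SHARE_LEN, "big")

    def shared_secret(self, peer_hello: bytes) -> bytes:
        peer_share = int.from_bytes(peer_hello[32:], "big")
        secret = pow(peer_share, self._ephemeral_priv, P).to_bytes(SHARE_LEN, "big")
        # Forward secrecy: the ephemeral exponent is discarded right here. Nothing that survives
        # the connection (long-term keys, the recorded transcript) allows recomputing `secret`.
        self._ephemeral_priv = None
        return secret

    @property
    def ephemeral_destroyed(self) -> bool:
        return self._ephemeral_priv is None


def key_schedule(dh_secret: bytes, transcript: bytes) -> dict:
    """Simplified TLS 1.3 schedule: Early Secret -> Handshake Secret -> handshake traffic secrets."""
    early_secret = hkdf_extract(b"\x00" * 32, b"\x00" * 32)          # no PSK in use
    handshake_secret = hkdf_extract(hkdf_expand(early_secret, b"derived", 32), dh_secret)
    return {
        "client_hs": hkdf_expand(handshake_secret, b"c hs traffic" + transcript, 32),
        "server_hs": hkdf_expand(handshake_secret, b"s hs traffic" + transcript, 32),
    }


def finished_mac(traffic_secret: bytes, transcript: bytes) -> bytes:
    """Finished = HMAC(finished_key, Transcript-Hash): proves the peer derived the same keys."""
    finished_key = hkdf_expand(traffic_secret, b"finished", 32)
    return hmac.new(finished_key, transcript, hashlib.sha256).digest()


def run_handshake() -> dict:
    client, server = Party(), Party()
    client_hello = client.hello()                                   # ---> ClientHello + KeyShare
    server_hello = server.hello()                                   # <--- ServerHello + KeyShare
    th1 = transcript_hash(client_hello, server_hello)

    server_keys = key_schedule(server.shared_secret(client_hello), th1)
    server_finished = finished_mac(server_keys["server_hs"], th1)   # <--- {Finished}

    client_keys = key_schedule(client.shared_secret(server_hello), th1)
    server_ok = hmac.compare_digest(server_finished, finished_mac(client_keys["server_hs"], th1))

    th2 = transcript_hash(client_hello, server_hello, server_finished)
    client_finished = finished_mac(client_keys["client_hs"], th2)   # ---> {Finished}
    client_ok = hmac.compare_digest(client_finished, finished_mac(server_keys["client_hs"], th2))

    return {
        "keys_match": client_keys == server_keys,
        "server_finished_verified": server_ok,
        "client_finished_verified": client_ok,
        "ephemeral_secrets_destroyed": client.ephemeral_destroyed and server.ephemeral_destroyed,
    }


if __name__ == "__main__":
    for key, value in run_handshake().items():
        print(f"{key}: {value}")
```

The HKDF functions are the real RFC 5869 construction (they reproduce its published test vectors), so the only things standing between this model and a real TLS 1.3 key schedule are the group, the label encoding and the additional secrets (early data, master, exporter) that the model leaves out.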


Certificate Chain of Trust

Certificates form a hierarchical trust structure.

[Root CA]             ← highest-level CA; its certificate is embedded in the OS/browser trust store
    │ signs
[Intermediate CA]     ← intermediate certificate authority, itself certified by the root
    │ signs
[Server Certificate]  ← certificate issued to the domain owner
                        public key, domain names (SAN), validity period, CA signature

The browser checks the server certificate's signature with the intermediate CA's public key, then checks the intermediate's signature with the Root CA's public key. Because the root is in the OS's or browser's trust store, the whole chain is trusted. Signature checking is only part of validation: the client also verifies that the requested hostname appears in the certificate's Subject Alternative Names, that each certificate is within its validity period, and (via CRL or OCSP) that none has been revoked.

The server must send its own certificate followed by the intermediate(s); the root is taken from the client's trust store and need not be sent. A missing intermediate is the most common chain error: desktop browsers often paper over it by fetching the issuer themselves, but curl, mobile apps and most libraries fail with "unable to get local issuer certificate".

Certificate chain configuration (nginx):

# Correct chain setup
ssl_certificate /etc/nginx/ssl/fullchain.pem; # server cert first, then intermediate CA(s), no root
ssl_certificate_key /etc/nginx/ssl/privkey.pem; # private key; keep it readable by root only

Cipher Suites

A cipher suite is the combination of algorithms negotiated during the TLS handshake. A TLS 1.2 name spells out every part:

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
│   │     │        │           └── Hash for the key-derivation PRF and the Finished message (SHA-384)
│   │     │        └────────────── Symmetric cipher (AES-256 in GCM mode)
│   │     └─────────────────────── Authentication (RSA signature on the server's key share)
│   └───────────────────────────── Key exchange (ECDHE, ephemeral, forward secret)
└───────────────────────────────── Protocol

GCM is an AEAD mode that authenticates each record itself, so the trailing SHA384 is not a separate record MAC. In an older CBC suite such as TLS_RSA_WITH_AES_128_CBC_SHA the trailing SHA is the HMAC-SHA1 record MAC, and the RSA key exchange gives no forward secrecy.

TLS 1.3 suite names are shorter because key exchange (always ephemeral (EC)DHE) and authentication (certificate signature or PSK) are negotiated separately; the name only fixes the AEAD cipher and the hash:

  • TLS_AES_256_GCM_SHA384
  • TLS_CHACHA20_POLY1305_SHA256 (fastest on hardware without AES instructions)
  • TLS_AES_128_GCM_SHA256 (mandatory to implement, RFC 8446)

All three are sound; there is no reason to disable any of them.
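As an added example (not from the original page), the parser below decodes suite names into the fields labelled above and audits a cipher list for the two properties that matter most, forward secrecy and AEAD. It accepts both IANA names and the OpenSSL names that nginx's ssl_ciphers uses; it expands explicit names only, so OpenSSL keyword groups such as HIGH or !aNULL are reported rather than resolved, and the sample cipher list it checks is constructed for the demonstration.

```python
"""Decode TLS cipher-suite names and audit a cipher list (added example, not from the page).

Handles IANA names (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) and the OpenSSL names used in
nginx's ssl_ciphers (ECDHE-RSA-AES256-GCM-SHA384). Explicit names only: OpenSSL keyword
groups such as HIGH or !aNULL are reported as unexpanded (use `openssl ciphers -v` for those).
"""
import re
from dataclasses import dataclass

KEY_EXCHANGE = {"ECDHE", "DHE", "ECDH", "DH", "RSA", "PSK", "SRP"}
EPHEMERAL = {"ECDHE", "DHE"}           # the only TLS 1.2 key exchanges with forward secrecy
AUTHENTICATION = {"RSA", "ECDSA", "DSS", "PSK"}
AEAD_TAGS = ("GCM", "CCM", "POLY1305")
HASH_RE = re.compile(r"SHA\d*|MD5")
KEYWORDS = {"ALL", "DEFAULT", "HIGH", "MEDIUM", "LOW", "EXPORT", "ANULL", "ENULL",
            "COMPLEMENTOFDEFAULT", "COMPLEMENTOFALL"}


@dataclass
class CipherSuite:
    name: str
    tls13: bool
    key_exchange: str     # TLS 1.3: "negotiated separately" (always ephemeral (EC)DHE)
    authentication: str   # TLS 1.3: "negotiated separately" (certificate signature or PSK)
    cipher: str           # normalised to hyphen form, e.g. AES-256-GCM
    hash: str             # PRF/Finished hash; for a CBC suite also the HMAC record MAC

    @property
    def forward_secret(self) -> bool:
        return self.tls13 or self.key_exchange in EPHEMERAL

    @property
    def aead(self) -> bool:
        return any(tag in self.cipher for tag in AEAD_TAGS)


def parse_cipher_suite(name: str) -> CipherSuite:
    if name.startswith("TLS_"):                      # IANA form (also OpenSSL's TLS 1.3 names)
        tokens = name[4:].split("_")
        tls13 = "WITH" not in tokens                 # TLS_<cipher>_<hash>: no key-exchange part
        if not tls13:
            tokens.remove("WITH")
    else:                                            # OpenSSL form
        tokens = name.upper().split("-")
        tls13 = False
        if tokens[0] not in KEY_EXCHANGE:            # OpenSSL drops RSA when it is both kx and auth
            tokens.insert(0, "RSA")
    if tls13:
        kx = auth = "negotiated separately"
    else:
        kx = tokens.pop(0)
        auth = tokens.pop(0) if tokens and tokens[0] in AUTHENTICATION else kx
    if not tokens:
        raise ValueError(f"not a cipher suite name: {name}")
    # OpenSSL omits the implicit SHA256 in its ChaCha20 names (ECDHE-RSA-CHACHA20-POLY1305)
    hash_ = tokens.pop() if HASH_RE.fullmatch(tokens[-1]) else "SHA256"
    return CipherSuite(name, tls13, kx, auth, "-".join(tokens), hash_)


def audit_cipher_list(cipher_list: str) -> dict:
    """Audit a colon-separated cipher list such as the value of nginx's ssl_ciphers."""
    report = {"accepted": [], "rejected": {}, "unexpanded": []}
    for raw in cipher_list.split(":"):
        name = raw.strip()
        if not name:
            continue
        if name[0] in "!-+@" or "+" in name or name.upper() in KEYWORDS:
            report["unexpanded"].append(name)       # keyword or modifier, not a suite name
            continue
        suite = parse_cipher_suite(name)
        reasons = []
        if not suite.forward_secret:
            reasons.append(f"no forward secrecy ({suite.key_exchange} key exchange)")
        if not suite.aead:
            reasons.append(f"not AEAD ({suite.cipher})")
        if reasons:
            report["rejected"][name] = reasons
        else:
            report["accepted"].append(name)
    return report


if __name__ == "__main__":
    # Constructed sample list for the demonstration, not a recommended configuration.
    sample = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:!aNULL"
    for key, value in audit_cipher_list(sample).items():
        print(f"{key}: {value}")
```

Run it against the exact string you put in ssl_ciphers: a suite that lands in "rejected" is one that SSL Labs will also flag, and anything in "unexpanded" should be resolved with openssl ciphers -v before trusting the audit.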

Forward Secrecy

With the legacy RSA key exchange, the client encrypts the pre-master secret to the server's RSA public key. Anyone who recorded the traffic and later obtains the server's private key can decrypt that pre-master secret, derive the session keys, and read every recorded session.

ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) instead generates a fresh key pair for each session and discards it as soon as the session keys are derived; the server's long-term private key only signs the ephemeral value. If that long-term key later leaks, an attacker can impersonate the server from then on but cannot decrypt previously recorded sessions.

# Allow only Forward-Secrecy cipher suites
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:...';

In TLS 1.3 every key exchange is ephemeral (EC)DHE, so forward secrecy applies to every connection and cannot be configured away.
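For a service that terminates TLS in Python rather than behind nginx, this added example (standard library only, not code from the page) builds a server context with the same policy as the directives above, the version floor from the SSL vs TLS section, and a report of what the context will actually negotiate. The certificate and key paths are whatever the service's own files are; the example loads none when run stand-alone.

```python
"""Server-side ssl.SSLContext with the policy this guide recommends (added example).

Python equivalent of nginx's ssl_protocols / ssl_ciphers directives for a service that
terminates TLS itself: TLS 1.2 as the floor (TLS 1.3 is preferred automatically) and,
for TLS 1.2, only ECDHE key exchange with AEAD ciphers, so every suite has forward secrecy.
"""
import ssl
from typing import Optional

# OpenSSL cipher string for TLS 1.2: ECDHE key exchange with AES-GCM or ChaCha20-Poly1305.
# TLS 1.3 suites are selected separately by OpenSSL and are all forward secret already.
TLS12_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20"


def build_server_context(certfile: Optional[str] = None,
                         keyfile: Optional[str] = None) -> ssl.SSLContext:
    """certfile is the full chain (leaf + intermediates), keyfile the private key; both are the
    service's own paths (assumed, not given on the page) and stay unset when run stand-alone."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2      # refuses SSLv3, TLS 1.0 and TLS 1.1
    ctx.set_ciphers(TLS12_CIPHERS)
    ctx.options |= ssl.OP_NO_COMPRESSION              # TLS-level compression enables CRIME
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def policy_report(ctx: ssl.SSLContext) -> dict:
    """What the context will actually negotiate: the checks an external scanner would run."""
    ciphers = ctx.get_ciphers()
    tls12 = [c["name"] for c in ciphers if c["protocol"] != "TLSv1.3"]
    return {
        "minimum_version": ctx.minimum_version.name,
        "compression_disabled": bool(ctx.options & ssl.OP_NO_COMPRESSION),
        "tls13_suites": [c["name"] for c in ciphers if c["protocol"] == "TLSv1.3"],
        "tls12_suites": tls12,
        # OpenSSL names: only ECDHE-/DHE- prefixed TLS 1.2 suites use an ephemeral exchange
        "tls12_without_forward_secrecy": [n for n in tls12 if not n.startswith(("ECDHE-", "DHE-"))],
        "tls12_without_aead": [n for n in tls12
                               if not any(tag in n for tag in ("GCM", "CCM", "CHACHA20"))],
    }


if __name__ == "__main__":
    for key, value in policy_report(build_server_context()).items():
        print(f"{key}: {value}")
```

policy_report works on any context, so pointing it at one built with the library defaults shows what those defaults still allow before you harden them.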


Chapter Learning Path

  1. Certificate types and issuance — DV/OV/EV, Let's Encrypt Certbot
  2. Nginx SSL configuration — ssl_certificate, ssl_protocols, HTTP→HTTPS redirect
  3. Apache SSL configuration — mod_ssl, SSLEngine, VirtualHost
  4. HTTPS offloading — TLS termination at the load balancer
  5. Security headers — HSTS, OCSP Stapling, CSP
  6. Advanced TLS settings — TLS 1.3, disabling weak ciphers
  7. Pro tips — SSL Labs A+ grade, expiry monitoring