<h1 id="tls">TLS<a aria-hidden="true" class="anchor-heading icon-link" href="#tls"></a></h1>
<p>TLS/SSL functions by a combination of a public certificate and a private key.</p>
<ul>
<li>The SSL key is kept secret on the server and encrypts content sent to clients. </li>
<li>The SSL certificate is publicly shared with anyone requesting the content. It can be used to decrypt the content signed by the associated SSL key.</li>
</ul>
<p>TLS consists of two phases: </p>
<ol>
<li>secure connection establishment </li>
<li>the use of that encrypted channel for further communication.</li>
</ol>
<p>A TCP handshake and connection must be established before messages to create a TLS connection are exchanged.</p>
<ul>
<li>the handshake is done in one round trip. </li>
<li>after the first two steps, all messages are encrypted.</li>
</ul>
<p>TLS involves public-key cryptography to establish a shared secret that is then used to encrypt future communication</p>
<p>TLS (Transport Layer Security) replaced SSL (Secure Sockets Layer), which is deprecated</p>
<p>spec:TLS is an agreement (protocol) between 2 IP addresses (your own and the web server you are connecting to).</p>
<p>Certificates are bound to domain names instead of IP addresses, so the "Not Secure" (<code>ERR_CERT_COMMON_NAME_INVALID</code>) warning will still appear if you connect via an IP address.</p>
<h3 id="ssl-termination">SSL Termination<a aria-hidden="true" class="anchor-heading icon-link" href="#ssl-termination"></a></h3>
<ul>
<li>the act of data reaching the end of the SSL chain and getting decrypted (or offloaded) so the recipient can read the data.
<ul>
<li>happens at the server-side of an SSL connection</li>
</ul>
</li>
<li>SSL termination helps speed the decryption process and reduces the processing burden on backend servers.
<img src="/assets/images/2021-03-09-09-46-03.png"></li>
</ul>
<h3 id="wildcard-ssl-certificate">Wildcard SSl Certificate<a aria-hidden="true" class="anchor-heading icon-link" href="#wildcard-ssl-certificate"></a></h3>
<p>a single ssl certificate that lets us have SSL on any <code>*.mydomain.com</code></p>
<h3 id="ue-resources">UE Resources<a aria-hidden="true" class="anchor-heading icon-link" href="#ue-resources"></a></h3>
<ul>
<li><a href="https://medium.com/@jonatascastro12/understanding-self-signed-certificate-in-chain-issues-on-node-js-npm-git-and-other-applications-ad88547e7028">self-signed certificates</a></li>
<li><a href="https://developers.cloudflare.com/ssl/">cloudflare guide on SSL</a></li>
</ul>
<p>A common scenario is that we run our REST API behind a reverse proxy. Among other reasons, we might want to do this so our API server is on a different network/IP than our front-end application. Therefore, we can secure this network and only</p>
<hr>
<strong>Children</strong>
<ol>
<li><a href="/notes/KlUjwISNTuoz0nrv3hrFc">ALPN Protocol</a></li>
<li><a href="/notes/J9fet9TmIJefcdWudoYyF">TLS Certificates</a></li>
</ol>

tech

This Dendron vault of tech knowledge is organized according to domains and their sub-domains, along with specific implementation of those domains.

For instance, Git itself is a domain. Sub-domains of Git would include topics like `commit`,
`tags`, `reflog` etc., while implementations of each of those could be `cli`, `strat`
(strategies), `inner` (inner workings), and so on.

The goal of the wiki is to present data in a manner that is from the perspective
of a querying user. Here, a user is a programmer wanting to get key information
from a specific domain. For instance, if a user wants to use postgres functions
and hasn't done them in a while, they should be able to query
`postgres.functions` to see basic implementations, as well as common patterns
that have been employed in the past.

This wiki has been written with myself in mind. While learning each of these
domains, I have been sensitive to the "aha" moments and have noted down my
insights as they arose. I have refrained from capturing information that I
considered obvious or otherwise non-beneficial to my own understanding.

As a result, I have allowed myself to use potentially arcane concepts to help
explain others. For example, in my note on [[unit testing|testing.method.unit]],
I have made reference to the [[microservices|general.arch.microservice]] note.
The ability to analogize between different concepts captured in different notes
allows an opportunity to build strong generalized understandings. Given that
you'd have to understand microservices to be able to draw that same parallel
that I've already drawn, these links won't work for everyone. Since these notes
are written for myself, I have been fine with taking these liberties and leaning
on them heavily.

What I hope to gain from this wiki is the ability to step away from any
given domain for a long period of time, and be able to be passably useful for
whatever my goals are within a short period of time. Of course this is all
vague sounding, and really depends on the domain along with the ends I am
trying to reach.

To achieve this, the system should be steadfast to:
- be able to put information in relatively easily, without too much thought
	required to its location. While location is important, Dendron makes it easy
	to relocate notes, if it becomes apparent that a different place makes more
	sense.
- be able to extract the information that is needed, meaning there is a
	high-degree in confidence in the location of the information. The idea is
	that information loses a large amount of its value when it is unfindable.
	Therefore, a relatively strict ideology should be used when determining
	where a piece of information belongs.
	- Some concepts might realistically belong to multiple domains. For instance, the concept of *access modifiers* can be found in both `C#` and `Typescript`. Therefore, this note should be abstracted to a common place, such as [[OOP|paradigm.oop]].

This Dendron notebook is the sister vault to the general [Second Brain](https://tech.kyletycholiz.com).

## Tags
Throughout the garden, I have made use of tags, which give semantic meaning to the pieces of information.

- `ex.` - Denotes an *example* of the preceding piece of information
- `spec:` - Specifies that the preceding information has some degree of *speculation* to it, and may not be 100% factual. Ideally this gets clarified over time as my understanding develops. I try to go back after I have better understood the topic and clear out the notes of `spec:` tags
- `anal:` - Denotes an *analogy* of the preceding information. When I can, I attempt to link concepts to others that I have previously learned.
- `mn:` - Denotes a *mnemonic*
- `expl:` - Denotes an *explanation*

## Resources
### UE (Unexamined) Resources
Often, I come across sources of information that I believe to be high-quality. They may be recommendations or found in some other way. No matter their origin, I may be in a position where I don't have the time to fully examine them (and properly extract notes), or I may not require the information at that moment in time. In cases like these, I will add reference to a section of the note called **UE Resources**. The idea is that in the future when I am ready to examine them, I have a list of resources that I can start with. This is an alternative strategy to compiling browser bookmarks, which I've found can quickly become untenable.

### E (Examined) Resources
Once a resource has been thoroughly examined and has been mined for notes, it will be moved from *UE Resources* to *E Resources*. This is to indicate that (in my own estimation), there is nothing more to be gained from the resource that is not already in the note.

### Resources
This heading is for inexhaustible resources. 
- A prime example would be a quality website that continually posts articles.  - Another example would be a tool, such as software that measures frequencies in a room to help acoustically treat it.
