TLS consists of two phases:

  1. secure connection establishment
  2. the use of that encrypted channel for further communication.

A TCP handshake and connection must be established before messages to create a TLS connection are exchanged.

  • the handshake is done in one round trip.
  • after the first two steps, all messages are encrypted.

TLS involves public-key cryptography to establish a shared secret that is then used to encrypt future communication

TLS (Transport Layer Security) replaced SSL (Secure Sockets Layer), which is deprecated

spec:TLS is an agreement (protocol) between 2 IP addresses (your own and the web server you are connecting to).

Certificates are bound to domain names instead of IP addresses, so the "Not Secure" (ERR_CERT_COMMON_NAME_INVALID) warning will still appear if you connect via an IP address.

SSL Termination

  • the act of data reaching the end of the SSL chain and getting decrypted (or offloaded) so the recipient can read the data.
    • happens at the server-side of an SSL connection
  • SSL termination helps speed the decryption process and reduces the processing burden on backend servers.

Wildcard SSl Certificate

a single ssl certificate that lets us have SSL on any *

UE Resources

A common scenario is that we run our REST API behind a reverse proxy. Among other reasons, we might want to do this so our API server is on a different network/IP than our front-end application. Therefore, we can secure this network and only

  1. ALPN Protocol
  2. TLS Certificates