Chapter 36: TLS/SSL & HTTPS
Securing Data in Transit

36.1 Why TLS is Essential

Without TLS (Transport Layer Security), all data transmitted between client and server is visible to anyone who can intercept the network traffic.

```
The Problem: Unencrypted Traffic
================================

Without TLS:
──────────────

User ────────────────────── Server
     POST /login
     username=john
     password=secret123

If intercepted, attacker sees:
  username=john
  password=secret123

MITM (Man-in-the-Middle) attack easy!

─────────────────────────────────────────

With TLS:
────────────

User ────────────────────── Server
     [Encrypted tunnel]
     x7k9#mP2$nL8@qR...

If intercepted, attacker sees:
  x7k9#mP2$nL8@qR... (unreadable garbage)

Original data protected!
```

What TLS Protects Against

| Attack | Without TLS | With TLS |
|---|---|---|
| Eavesdropping | Read all traffic | Encrypted |
| Man-in-the-Middle | Intercept/modify | Verified |
| Data tampering | Modify data | Integrity check |
| Phishing | Fake sites | Certificate verifies identity |
36.2 How TLS Works: The Handshake

The TLS handshake establishes a secure connection through a series of steps:

```
TLS 1.3 Handshake
=================

┌──────────┐                              ┌──────────┐
│  Client  │                              │  Server  │
└────┬─────┘                              └────┬─────┘
     │                                         │
     │  1. ClientHello                         │
     │     - Supported TLS versions            │
     │     - Cipher suites                     │
     │     - Random bytes                      │
     │────────────────────────────────────────▶│
     │                                         │
     │  2. ServerHello + Certificate           │
     │     - Selected TLS version              │
     │     - Cipher suite                      │
     │     - Server certificate (public key)   │
     │     - Random bytes                      │
     │◀────────────────────────────────────────│
     │                                         │
     │  3. Verify Certificate                  │
     │     - Check expiry                      │
     │     - Verify CA signature               │
     │     - Verify hostname                   │
     │                                         │
     │  4. Client Key Exchange                 │
     │     - Pre-master secret (encrypted)     │
     │────────────────────────────────────────▶│
     │                                         │
     │  5. Generate Session Keys               │
     │     Both sides derive:                  │
     │     - Encryption key                    │
     │     - MAC key                           │
     │                                         │
     │  6. Finished (Encrypted)                │
     │────────────────────────────────────────▶│
     │◀────────────────────────────────────────│
     │                                         │
     │  7. Secure Communication Begins!        │
     │     All data encrypted now              │
     │                                         │
```

TLS 1.3 vs TLS 1.2

| Aspect | TLS 1.2 | TLS 1.3 |
|---|---|---|
| Handshake | 2 round trips | 1 round trip |
| Speed | Slower | ~30% faster |
| Ciphers | Many options | Only secure ones |
| Security | Has vulnerabilities | More secure |
| RC4/MD5 | Allowed | Disabled |
| Forward secrecy | Optional | Required |
36.3 Digital Certificates

Certificate Structure

```
X.509 Certificate
=================

┌─────────────────────────────────────────────────────────────┐
│  Certificate                                                │
│  ─────────────────────────────────────────────────────      │
│                                                             │
│  Version: 3                                                 │
│  Serial Number: 04:F5:A3:...                                │
│                                                             │
│  Subject: (Who is this certificate for?)                    │
│    CN = example.com                                         │
│    O = Example Inc                                          │
│    C = US                                                   │
│                                                             │
│  Issuer: (Who verified this?)                               │
│    CN = Let's Encrypt                                       │
│    O = Let's Encrypt                                        │
│    C = US                                                   │
│                                                             │
│  Validity:                                                  │
│    Not Before: 2024-01-01 00:00:00                          │
│    Not After:  2024-04-01 00:00:00                          │
│                                                             │
│  Public Key:                                                │
│    Algorithm: RSA 2048                                      │
│    Key: (2048-bit public key)                               │
│                                                             │
│  Extensions:                                                │
│    Subject Alternative Name:                                │
│      DNS: example.com                                       │
│      DNS: www.example.com                                   │
│                                                             │
│  Signature: (signed by issuer)                              │
│    Algorithm: RSA-SHA256                                    │
│    Value: (digital signature)                               │
│                                                             │
└─────────────────────────────────────────────────────────────┘
```

Certificate Types

| Type | Validation | Trust Level | Use Case |
|---|---|---|---|
| DV (Domain Validation) | Verify domain ownership | Basic | Personal blogs, dev |
| OV (Organization Validation) | Verify org exists | Medium | Business websites |
| EV (Extended Validation) | Strict verification | Highest | E-commerce, banking |
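
The Validity and Subject Alternative Name fields shown in the certificate structure above are the ones an expiry monitor reads. The following is an added example, not part of the original chapter: the function names, the 30-day warning threshold and `SAMPLE_CERT` (constructed from the diagram's values) are assumptions of the example.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns,
# filled with the values from the certificate diagram in this chapter.
SAMPLE_CERT = {
    "subject": ((("commonName", "example.com"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Apr  1 00:00:00 2024 GMT",
    "subjectAltName": (("DNS", "example.com"), ("DNS", "www.example.com")),
}


def fetch_cert(host, port=443, timeout=5.0):
    """Handshake with chain and hostname verification; return the cert dict."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse TLS 1.0 / 1.1
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def days_remaining(cert, now=None):
    """Whole days until notAfter (negative once the certificate has expired)."""
    now = now or datetime.now(timezone.utc)
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return int((not_after - now.timestamp()) // 86400)


def san_covers(cert, hostname):
    """True if a DNS SAN entry matches; '*' stands for exactly one label."""
    host = hostname.lower()
    parent = host.partition(".")[2]
    names = [n.lower() for kind, n in cert.get("subjectAltName", ()) if kind == "DNS"]
    return host in names or (bool(parent) and "*." + parent in names)


def check_cert(cert, hostname, now=None, warn_days=30):
    """Return findings for one certificate; an empty list means healthy."""
    findings = []
    left = days_remaining(cert, now)
    if left < 0:
        findings.append(f"expired {-left} day(s) ago")
    elif left < warn_days:
        findings.append(f"expires in {left} day(s), renew now")
    if not san_covers(cert, hostname):
        findings.append(f"{hostname} is not in Subject Alternative Name")
    return findings
```

In a monitoring job, `check_cert(fetch_cert("example.com"), "example.com")` runs the same checks against a live server; the SAN check here is an inventory check and does not replace the hostname verification the handshake already performs.
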

```
Certificate Chain
================

Root CA (Trust Anchor)
    │
    └─► Intermediate CA 1
            │
            └─► Intermediate CA 2
                    │
                    └─► Your Certificate (example.com)

Browser trusts Root → Intermediates trust → Your cert is valid
```

36.4 Implementing HTTPS

Nginx Configuration

```nginx
server {
    listen 443 ssl http2;
    server_name example.com;

    # Certificate files
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # TLS versions (disable old ones)
    ssl_protocols TLSv1.3 TLSv1.2;

    # Ciphers (prefer secure ones)
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256...';

    # Enable OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;

    # Security headers
    add_header Strict-Transport-Security "max-age=31536000" always;
    add_header X-Frame-Options "DENY" always;
    add_header X-Content-Type-Options "nosniff" always;

    location / {
        proxy_pass http://backend;
    }
}

# Redirect HTTP to HTTPS
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}
```

Certificate Management with Certbot

```bash
# Install certbot
sudo apt install certbot python3-certbot-nginx

# Get certificate
sudo certbot --nginx -d example.com -d www.example.com

# Test auto-renewal (the renewal job itself runs twice daily)
sudo certbot renew --dry-run

# List installed certificates and their expiry dates
sudo certbot certificates
```

36.5 HSTS (HTTP Strict Transport Security)

HSTS forces browsers to only connect via HTTPS, preventing downgrade attacks.

```
HSTS Flow
=========

1. First visit to example.com (HTTP)
   ─────────────────────────────────────
   Server responds with header:
   Strict-Transport-Security: max-age=31536000

   Browser remembers: "Only use HTTPS for next year"

2. User tries HTTP next time
   ─────────────────────────────────────
   Browser automatically converts to HTTPS!
   http://example.com → https://example.com

3. If HTTPS fails
   ─────────────────────────────────────
   Browser shows error (can't fall back to HTTP)
```

```nginx
# HSTS Header
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

# Explanation:
# max-age=31536000 = 1 year (in seconds)
# includeSubDomains = apply to all subdomains
# preload = submit to hstspreload.org (browser list)
```

36.6 TLS Best Practices

```
TLS Security Checklist
=====================

✓ Use TLS 1.3 only (or at least TLS 1.2)
✓ Disable TLS 1.0 and TLS 1.1
✓ Use strong cipher suites
✓ Enable HSTS
✓ Use certificate manager for auto-renewal
✓ Implement OCSP stapling
✓ Use forward secrecy
✓ Monitor certificate expiration
✓ Use TLS for all connections (even internal)
```

What to Avoid

| Practice | Risk | Recommendation |
|---|---|---|
| Self-signed certs | Not trusted | Use Let’s Encrypt |
| Expired certs | Service disruption | Auto-renewal |
| Weak ciphers | Vulnerable to attack | Disable them |
| No forward secrecy | Past sessions compromised | Enable PFS |
| HTTP | Traffic exposed | Redirect to HTTPS |
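
One way to check the "Enable HSTS" item from the checklist against the directives explained in section 36.5, as an added example that is not part of the original chapter. The function names are the example's own, and the preload criteria (one-year `max-age`, `includeSubDomains`, `preload`) follow the hstspreload.org submission requirements.

```python
ONE_YEAR = 31536000  # seconds; the max-age used throughout this chapter

# The two header values that appear in this chapter (36.4 and 36.5).
NGINX_BLOCK_VALUE = "max-age=31536000"
HSTS_SECTION_VALUE = "max-age=31536000; includeSubDomains; preload"


def parse_hsts(value):
    """Parse an HSTS header value into a dict of lower-cased directives.

    Raises ValueError on a duplicated directive or a missing/invalid
    max-age, the cases in which RFC 6797 has browsers ignore the header.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = arg.strip().strip('"')  # value may be quoted
    max_age = directives.get("max-age", "")
    if not (max_age.isascii() and max_age.isdigit()):
        raise ValueError("max-age is missing or not a non-negative integer")
    return directives


def audit_hsts(value):
    """Return a list of findings; an empty list means preload-ready."""
    d = parse_hsts(value)
    findings = []
    max_age = int(d["max-age"])
    if max_age == 0:
        findings.append("max-age=0 tells the browser to forget the policy")
    elif max_age < ONE_YEAR:
        findings.append(f"max-age={max_age} is below one year ({ONE_YEAR})")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains missing: subdomains not covered")
    if "preload" not in d:
        findings.append("preload missing: not eligible for the preload list")
    return findings


if __name__ == "__main__":
    for v in (NGINX_BLOCK_VALUE, HSTS_SECTION_VALUE):
        print(v, "->", audit_hsts(v) or "OK")
```

The header value in the 36.4 server block yields two findings, while the value from 36.5 yields none.
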
Summary
- TLS encryption - Protects data in transit
- HTTPS - HTTP over TLS
- Certificate - Proves server identity
- TLS handshake - Establishes secure connection
- HSTS - Forces HTTPS usage
- Certificate management - Automate renewal with Let’s Encrypt/Cert Manager
- TLS 1.3 - Use latest version