TLS, SSL & Public Key Infrastructure

Every time you see the padlock in your browser, TLS is working in the background. It combines symmetric encryption, asymmetric cryptography, hash functions, and digital signatures into one seamless protocol. Understanding TLS is understanding how all of classical cryptography fits together.

What is TLS?

TLS (Transport Layer Security) is the cryptographic protocol that provides secure communication over the internet. When you visit an HTTPS website, send an email through Gmail, or use WhatsApp, TLS is what keeps it private.

SSL (Secure Sockets Layer) is TLS's predecessor. SSL 3.0 was deprecated in 2015. "SSL" is now an informal term people use for TLS, but technically, all modern secure connections use TLS.

Current versions:

  • TLS 1.2: Still widely deployed. Secure when properly configured.
  • TLS 1.3 (2018): The current standard. Faster handshake, removed obsolete/weak cipher suites, mandates perfect forward secrecy. Use this everywhere you can.

The TLS Handshake: How Security is Established

Before any application data is exchanged, the browser and server perform a handshake — a negotiation protocol that establishes:

  1. Which cipher suites both parties support
  2. The server's identity (via certificate verification)
  3. A shared symmetric encryption key for the session

  Browser (Client)                                   Server
  1. ClientHello  →
     Supported ciphers, TLS version, random nonce
                                             ←  2. ServerHello + Certificate
                                                Chosen cipher, TLS version, certificate
  3. Verify Certificate
     Check CA signature, validity, domain
  4. Key Exchange  ↔  4. Key Exchange
     Each side sends its ECDH public key (for the shared secret)
  5. Derive Session Keys  ↔  5. Derive Session Keys
     Both sides compute the same AES key
  ✓ Encrypted Application Data  ↔  ✓ Encrypted Application Data

The result: Both parties derived the same AES session key without ever transmitting it. An eavesdropper who recorded the entire handshake cannot compute the key (thanks to ECDH). The subsequent data is encrypted with AES-GCM.
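Steps 4 and 5 of the handshake, as an added example written for this page (not code from the original) using only Go's standard library. The curve (X25519), the key derivation (HKDF-SHA256 with a constructed label) and the record cipher (AES-256-GCM) are choices assumed here; a real TLS 1.3 stack derives several keys from a hash of the whole transcript rather than from the two nonces alone.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// hkdfSHA256 is a minimal HKDF (extract, then one expand block), the construction
// TLS 1.3 uses to turn the ECDH shared secret into traffic keys.
func hkdfSHA256(secret, salt []byte) []byte {
	ext := hmac.New(sha256.New, salt) // extract: PRK = HMAC(salt, secret)
	ext.Write(secret)
	exp := hmac.New(sha256.New, ext.Sum(nil)) // expand: T1 = HMAC(PRK, label || 0x01)
	exp.Write([]byte("constructed label: application traffic\x01"))
	return exp.Sum(nil) // 32 bytes: one AES-256 key
}

// sessionKeys plays both sides of steps 4 and 5: each party makes an ephemeral X25519
// key pair, only the public halves cross the wire, and each mixes its own ECDH output
// with both hello nonces. Both end up with the same key without ever sending it.
func sessionKeys(clientNonce, serverNonce []byte) (clientKey, serverKey []byte) {
	curve := ecdh.X25519()
	cPriv := must(curve.GenerateKey(rand.Reader))
	sPriv := must(curve.GenerateKey(rand.Reader))
	// An eavesdropper sees both public keys and both nonces, never a private key.
	cShared := must(cPriv.ECDH(sPriv.PublicKey()))
	sShared := must(sPriv.ECDH(cPriv.PublicKey()))
	transcript := append(append([]byte{}, clientNonce...), serverNonce...)
	return hkdfSHA256(cShared, transcript), hkdfSHA256(sShared, transcript)
}

// newAEAD is the record layer: AES-GCM both encrypts and authenticates each record,
// so a modified ciphertext is rejected instead of being decrypted.
func newAEAD(key []byte) cipher.AEAD {
	return must(cipher.NewGCM(must(aes.NewCipher(key))))
}
```

Calling sessionKeys twice with the same nonces yields two different keys, because the ephemeral key pairs are fresh each time; that is the forward secrecy TLS 1.3 mandates.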

TLS Certificates: Proving Server Identity

How does your browser know it's really talking to google.com and not an impostor? TLS certificates solve this.

A TLS certificate contains:

  • The server's public key
  • The domain name(s) the certificate is valid for
  • Validity dates (not before / not after)
  • The digital signature of a trusted Certificate Authority (CA)

The CA's signature is what makes the certificate trustworthy. The CA is essentially saying: "We verified that the person who presented this certificate actually controls this domain."

Public Key Infrastructure (PKI): The Web of Trust

PKI is the system of certificates, certificate authorities, and policies that enables trust on the internet. It's a trust hierarchy:

  Root CA (e.g., DigiCert Root CA)
      Pre-installed in your OS/browser. Self-signed. Kept offline in hardware security modules.
          ↓ signs certificate of
  Intermediate CA
      Signs end-entity certificates. Acts as a buffer so the Root CA key stays offline.
          ↓ signs certificate of
  End-Entity Certificate (e.g., google.com)
      The certificate your browser sees. Contains Google's public key.

Your browser trusts ~100 root CAs, pre-installed by your operating system or browser vendor. If the end-entity certificate's chain leads back to one of those trusted roots, directly or through one or more intermediates, the browser accepts the certificate.
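The three-level chain and the browser's verification of it, as an added example (not the page's code) built with Go's crypto/x509. The CA names, serial numbers, P-256 keys and 24-hour validity window are constructed values. Verify succeeds only when the chain reaches the supplied root and the leaf's name matches the requested host; an impostor's chain issued for the same name but rooted elsewhere is rejected.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue builds a minimal certificate for name, generates its key pair, and has the parent CA sign it (nil parent: self-signed root).
func issue(name string, serial int64, usage x509.KeyUsage, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name}, DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), // validity window
		IsCA: usage&x509.KeyUsageCertSign != 0, BasicConstraintsValid: true, KeyUsage: usage,
	}
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// BuildChain is the hierarchy from the text: root signs intermediate, intermediate signs the end-entity certificate.
func BuildChain(host string) (root, inter, leaf *x509.Certificate) {
	root, rootKey := issue("root-ca.example", 1, x509.KeyUsageCertSign, nil, nil)
	inter, interKey := issue("intermediate-ca.example", 2, x509.KeyUsageCertSign, root, rootKey)
	leaf, _ = issue(host, 3, x509.KeyUsageDigitalSignature, inter, interKey)
	return root, inter, leaf
}

// Verify is the browser's step 3: signatures up to a root in the trust store, validity dates, and hostname.
func Verify(leaf, inter, trustedRoot *x509.Certificate, host string) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(trustedRoot) // stands in for the pre-installed OS/browser root store
	inters.AddCert(inter)      // the server sends the intermediate along with its own certificate
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots, Intermediates: inters})
	return err
}
```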

When PKI fails: The 2011 DigiNotar breach (a Dutch CA was compromised) resulted in fraudulent certificates for Google and other major sites being issued. Browsers revoked trust in DigiNotar, destroying the company. Certificate Transparency (CT) logs — public ledgers of all issued certificates — now provide an additional check against fraudulent certificate issuance.

Why TLS Needs Post-Quantum Upgrades

TLS 1.3 uses ECDH for key exchange and ECDSA/RSA for certificate signatures. A quantum computer running Shor's algorithm would break both:

  • An attacker could fake a certificate by forging the CA's signature → identity fraud
  • An attacker who recorded TLS handshakes could retroactively compute the session keys → break confidentiality of all past sessions (harvest now, decrypt later)

The migration to post-quantum TLS is already happening. Google uses X25519Kyber768 in Chrome (a hybrid ECDH + ML-KEM key exchange). We'll cover this in detail in Phase 5.

Frequently Asked Questions

What does the padlock in my browser actually mean?

The padlock means: (1) Your connection to the server is encrypted — no one can read the data in transit. (2) The server's identity has been verified by a certificate that chains to a trusted root CA — you're talking to who you think you are. It does NOT mean the website itself is trustworthy or legitimate — phishing sites can get TLS certificates too. Look at the domain name, not just the padlock.

What is Let's Encrypt and why is it important?

Let's Encrypt is a free, automated CA launched in 2015. Before it, getting a TLS certificate required paying $50–$500/year and manual processes. Let's Encrypt made HTTPS free and automated, dramatically increasing TLS adoption. Today, over 90% of web traffic is encrypted — up from ~40% in 2015. It's one of the most impactful infrastructure projects in internet history.

What is certificate pinning?

Certificate pinning is when an app hardcodes which specific certificate (or public key) it will accept for a given server — rather than trusting anything signed by any root CA. It provides extra protection against MITM attacks using fraudulent certificates. The downside: if the pinned certificate expires or needs to change, the app breaks until updated. Used in high-security mobile apps.
