protocols

How HTTPS Works in 10 Minutes

“How HTTPS Works in 10 Minutes” is a simple, high-level overview of how HTTPS works. It doesn’t dive into too much detail or heavy math. But it does cover the main stages of how the connection is established, verified, and encrypted. These are the stages that are covered:

You go to an HTTPS website via your browser
The Client says “Hello”
The Server says “Hello”
The Client makes sure the SSL certificate is legitimate
The Client gets the public key from the SSL certificate
The Client uses the public key to make more random bytes
The Client and Server make session keys
The Client and Server compare session keys
If the session keys match, game on

htrace.sh – HTTP/HTTPS troubleshooting and profiling tool

htrace.sh is a handy command-line tool for HTTP/HTTPS troubleshooting and profiling. It also integrates with a number of other security tools, like nmap, SSL Labs, subfinder, etc.

Some notes about HTTP/3

Robert Graham shares some notes about HTTP/3. The whole blog post is well worth the read. Here are some of my favorite bits.

Continue reading Some notes about HTTP/3

HTTP/3 via QUIC

As we are still trying to get the grip with HTTP/2, the world is moving on. Here’s the blog post with some initial details on HTTP/3 and QUIC. Turns out, we moving away from TCP to UDP with encryption.

Here are more details from the CloudFlare blog post.

Let the fear, uncertainty, and doubt begin!

The Illustrated TLS Connection

“The Illustrated TLS Connection” is an interactive guide to the TLS connection, explaining every byte with code, comments, annotations, and more. If you ever wanted to know the details of how this works, I can’t think of a better resource to direct you to. And if you find any issues or can suggest a better explanation, there’s a GitHub repository for you to contribute.