Introduction to HTTPS, TLS and TLS certificates

goulashsoup/introduction-to-https

Introduction to HTTPS, TLS and X.509 certificates

In this repo you'll find an introduction to the Hypertext Transfer Protocol Secure (HTTPS). Put simply, HTTPS is nothing more than HTTP sent encrypted using a version of the Transport Layer Security (TLS) protocol. Therefore there is a brief introduction to the latest 2 versions, TLS 1.2 and 1.3. During TLS communication, X.509 certificates are used to validate the server and optionally the client, so there is a section about X.509 certificates as well.

Table of Contents

Main document page

  1. Internet Protocol Recap

  2. Browser to Website connection

  3. Introduction to HTTPS

  4. Cryptographic Methods

    4.1. Introduction to Cryptography

    4.2. Symmetric Cryptography

    4.3. Asymmetric Cryptography

    4.4. Diffie-Hellman Exchange

    4.5. Message Digests (Hashes)

    4.6. Message Authentication Code (MAC)

    4.7. Digital Signatures

    4.8. Forward Secrecy

  5. X.509 Certificate

    5.1. Introduction to X.509

    5.2. Certificate Structure

    5.3. Certificate Signature Structure

    5.4. Verifying the Chain of Trust

    5.5. Certificate File Formats and File Extensions

    5.7. Certificate Revocation

    5.8. Certificate Handling by the Client

    5.9. Certificate Validation Failure

  6. TLS 1.2 in Detail

    6.1. TLS 1.2 Full Handshake

    6.2. TLS 1.2 Abbreviated Handshake

  7. TLS 1.3 in Detail

    7.1. TLS 1.3 Full Handshake

    7.2. TLS 1.3 Session Resumption and PSK

    7.3. TLS 1.3 0-RTT Data

  8. Getting a Certificate

  9. HTTP Strict Transport Security (HSTS)

There is also a glossary:

A. Glossary

The sources are specific references (HTML anchors) to sections of the source material, identified by superscript UTF-8 numbers (⁰¹²³⁴⁵⁶⁷⁸⁹). If one sentence has multiple sources for the information provided, they are separated by ᐟ. For example, ¹⁵³ᐟ²⁸ references sources number 153 and 28 in the "Sources" markdown file:

B. Sources

The "References" file lists each source used once, without anchors:

C. References

Acknowledgement

I have to thank the manufacturers of my PC hardware and my PC for not breaking down or crashing while writing this with 40 GB of committed memory. 🔥

No, seriously: most of the Cryptographic Methods section comes from the Encryption, Authentication Survival Guide on the ZYTRAX, Inc. website, and the company gave me permission to use their material, so a big thank you to ZYTRAX, Inc. 🙏

I also want to thank the security.stackexchange user mti2935 for pointing out that the certificates on Wikipedia were printed using OpenSSL. 🙏

Donation

You can leave all your money here:

Contribution

As a human being, I have made and will make a lot of mistakes of all kinds. Fortunately, for digital stuff, mistakes can be corrected. If you find language errors (I'm not a native English speaker and hate commas), technical inaccuracies, wrong or unfulfilling sources, or just have suggestions to enhance the quality of this writing, you can create issues or, better, pull requests. It'll take time, but I will probably come back to those every few months.

Contact

If you are logged in to GitHub, you'll find a mail address on my profile page.

License & Copyright

The materials herein are all © 2020 goulashsoup (GitHub user).

Creative Commons Licence
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
