Transport Layer Security, TLS 1.2 and 1.3 (explained using an example)

TLS stands for Transport Layer Security. It is a protocol for securing communication between a client and a server, in particular for HTTPS: that's what the S stands for.

In this video, we'll learn how insecure vanilla HTTP works and how HTTPS works, then we'll learn how HTTPS is made possible by Transport Layer Security, and finally we'll talk about the improvements in TLS 1.3, which was released in August 2018.

Chapters
0:00 Introduction
1:30 Vanilla HTTP
5:00 HTTPS
8:35 TLS 1.2
14:30 Diffie–Hellman
17:55 TLS 1.3

Vanilla HTTP
HTTPS
TLS 1.2 handshake
TLS 1.3 extensions

Vanilla HTTP
Before we talk about TLS, HTTPS, or anything else, let's look at how an HTTP request works. You type www.husseinnasser.com into the browser and the OSI magic kicks in: the client finds the IP address of husseinnasser.com by querying DNS, which uses UDP. The HTTP application layer then makes a GET / request to that IP address on port 80 (the default for insecure HTTP). This creates an underlying TCP connection, and the GET / string and other things are put into the packet and sent. TCP does its thing; the server receives GET / and calls the appropriate process in the backend, which could simply be "return index.html", sets the content type to "text/html", and sends a big response back to the client. All of this is plain text without any encryption, and if you watched the OSI video we did, you know that people can sniff/spy on packets and receive packets they are not supposed to receive.

HTTPS
HTTPS works by negotiating a symmetric key that both sides use to secure their messages (watch our video on encryption). Before we get to the GET request, a handshake must take place between the client and the server, and the tricky part is exchanging this key. Otherwise it is the same as above, only the port is 443 instead of 80. Remember that if we lose the TCP connection, we will have to renegotiate the key. But the beauty of it is that HTTP is stateless, so it continues to work perfectly.

TLS handshake
The original TLS handshake involves 4 round trips. It starts with a client hello, in which the client indicates which encryption algorithms it supports (both symmetric and asymmetric). The server receives the request and responds with the server certificate, which contains the server's public key, and also the ciphers they will switch to. The client receives the server hello, generates the premaster key, encrypts it with the server's public key and sends it. The server decrypts the message to obtain the premaster, generates the symmetric key and finally tells the client we're good to go.

TLS 1.3
TLS 1.3 enables significantly shorter and more secure communication, using only Diffie–Hellman and only two round trips for key exchange.
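The client hello described above can be read directly off the wire. As an added example (not code from the video), this Python sketch parses a ClientHello record and lists the offered cipher suites that still use the RSA key transport from the TLS 1.2 handshake, where the premaster is encrypted with the server's public key, rather than Diffie–Hellman. The function names are hypothetical, the sample record is constructed, and the suite table is a small subset of the IANA registry.

```python
import struct

# Subset of the IANA TLS cipher-suite registry: id -> (name, key exchange).
SUITES = {
    0x1301: ("TLS_AES_128_GCM_SHA256", "tls13"),
    0x1302: ("TLS_AES_256_GCM_SHA384", "tls13"),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ecdhe"),
    0x009C: ("TLS_RSA_WITH_AES_128_GCM_SHA256", "rsa"),
}

def build_sample_client_hello(suite_ids):
    """Constructed sample: a minimal ClientHello record with no extensions."""
    suites = b"".join(struct.pack("!H", s) for s in suite_ids)
    body = (b"\x03\x03"            # legacy_version (TLS 1.2)
            + bytes(32)            # client random, all zero (constructed)
            + b"\x00"              # empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")         # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def offered_suites(record):
    """Return the cipher-suite ids a ClientHello record offers, in client order."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs_len = int.from_bytes(record[6:9], "big")
    if rec_len != len(record) - 5 or hs_len != rec_len - 4:
        raise ValueError("length mismatch (truncated or fragmented hello)")
    try:
        pos = 9 + 2 + 32                     # skip version and random
        pos += 1 + record[pos]               # skip session id
        n = struct.unpack("!H", record[pos:pos + 2])[0]
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    raw = record[pos + 2:pos + 2 + n]
    if n % 2 or len(raw) != n:
        raise ValueError("bad cipher-suite list")
    return [struct.unpack("!H", raw[i:i + 2])[0] for i in range(0, n, 2)]

def static_rsa_offers(record):
    """Names of offered suites that use RSA key transport (no forward secrecy)."""
    return [SUITES[s][0] for s in offered_suites(record)
            if s in SUITES and SUITES[s][1] == "rsa"]

if __name__ == "__main__":
    hello = build_sample_client_hello([0x1301, 0xC02F, 0x009C])
    print(static_rsa_offers(hello))
```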

More resources
https://www.cloudflare.com/learning-resources/tls-1-3/
https://blog.cloudflare.com/rfc-8446-aka-tls-1-3/

Videos on software architecture
https://www.youtube.com/playlist?list=PLQnljOFTspQXNP6mQchJVP3S-3oKGEuw9

Videos on database technology
https://www.youtube.com/playlist?list=PLQnljOFTspQXjD0HOzN7P2tgzu7scWpl2

Videos on network technology
https://www.youtube.com/playlist?list=PLQnljOFTspQUBSgBXilKhRMJ1ACqr7pTr

Videos on load balancing and proxies
https://www.youtube.com/playlist?list=PLQnljOFTspQVMeBmWI2AhxULWEeo7AaMC

Postgres Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQWGrOqslniFlRcwxyY94cjj

Videos on programming patterns
https://www.youtube.com/playlist?list=PLQnljOFTspQV1emqxKbcP5esAf4zpqWpe

Web security videos
https://www.youtube.com/playlist?list=PLQnljOFTspQU3YDMRSMvzflh_qXoz9zfv

HTTP Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQU6zO0drAYHFtkkyfNJw1IO

Python Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQU_M83ARz8mDdr4LThzkBKX

Javascript Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQWab0g3W6ZaDM6_Buh20EWM

Stay great!
Hussein

Please take the opportunity to connect with your friends and family and share this video with them if you find it useful.