SystemOverflow
LearnNetworking & ProtocolsTLS/SSL & Encryption1 of 6
Networking & ProtocolsTLS/SSL & EncryptionEasy⏱️ ~3 min

TLS/SSL Fundamentals: Three Core Guarantees and Protocol Phases

TLS (Transport Layer Security) provides three critical guarantees when communicating over untrusted networks: confidentiality through encryption, integrity via tamper detection, and authenticity using public key infrastructure (PKI). Modern production systems use TLS 1.2 as the baseline and prefer TLS 1.3 for both enhanced security and performance. The protocol achieves these guarantees by combining asymmetric cryptography for authentication and key agreement (such as ECDHE with X25519 or P256 curves) with symmetric cryptography for bulk data encryption (typically AES GCM or ChaCha20 Poly1305). The name SSL is purely historical; all contemporary implementations deploy TLS. The protocol operates in two distinct phases. First, the handshake phase negotiates cryptographic parameters, authenticates the server (and optionally the client in mutual TLS scenarios), and derives ephemeral session keys. TLS 1.2 typically requires two additional round trips after TCP's initial three way handshake, totaling approximately 3 RTTs before application data flows. TLS 1.3 reduces this to 2 RTTs total (1 RTT for TLS after TCP) and supports zero RTT resumption for returning clients, though with important replay attack caveats. Second, the record protocol encrypts all application data using the negotiated symmetric cipher, adding sequence numbers and message authentication codes (or AEAD constructs) to detect any tampering attempts. Trust in TLS is anchored in a hierarchical public key infrastructure where browsers and operating systems ship with a small set of trusted root certificate authorities (CAs). These roots sign intermediate CAs, which in turn sign end entity certificates for specific servers. Modern operational practice emphasizes short lived certificates (commonly 90 days from providers like Let's Encrypt) to reduce the window of exposure if a key is compromised. Revocation mechanisms like CRLs and OCSP are imperfect at Internet scale, so contemporary deployments rely on OCSP stapling and frequent rotation instead of long lived certificates with complex revocation infrastructure. Forward secrecy, which prevents past session decryption even if long term keys are later compromised, depends on using ephemeral key exchange methods (ECDHE) and operational practices like rotating session ticket keys frequently.
💡 Key Takeaways
TLS 1.2 adds approximately 2 RTTs after TCP handshake (total 3 RTTs), while TLS 1.3 reduces this by 1 RTT to approximately 2 RTTs total before first application byte
Asymmetric crypto (ECDHE with X25519 or P256) handles authentication and key agreement during handshake; symmetric crypto (AES GCM or ChaCha20 Poly1305) encrypts bulk data with throughput typically exceeding 1 Gbps per core on modern hardware
Modern certificates use 90 day lifetimes (Let's Encrypt standard) versus older 398 day browser maximum, reducing compromise windows from over a year to three months
Forward secrecy requires both ephemeral key exchange during handshake and frequent rotation of session ticket encryption keys (measured in hours to one day, not weeks)
Zero RTT resumption in TLS 1.3 can eliminate handshake latency entirely for returning clients but is replayable, restricting safe usage to idempotent operations only
📌 Examples
Google Chrome reports over 90% of page loads occur over HTTPS globally, with TLS 1.3 and QUIC widely deployed across Google properties
On a 4G mobile network with 60 to 100 ms RTT, TLS 1.3 saves approximately 60 to 100 ms in time to first byte compared to TLS 1.2 by eliminating one full round trip
Let's Encrypt issues 2 to 3 million certificates daily with automated 90 day lifetimes, demonstrating that short lived certificates are operationally viable at Internet scale
← Back to TLS/SSL & Encryption Overview