Transport Layer Security, TLS 1.2 and 1.3 (Explained by Example)

TLS, which stands for Transport Layer Security, is a protocol for securing communication between client and server, specifically for HTTPS. That's what the S stands for.

In this video, we will learn how insecure vanilla HTTP works, then HTTPS, then how HTTPS is made possible by Transport Layer Security, and finally we will talk about the improvements in TLS 1.3, which was published in August 2018.

Chapters
0:00 Intro
1:30 Vanilla HTTP
5:00 HTTPS
8:35 TLS 1.2
14:30 Diffie–Hellman
17:55 TLS 1.3

Vanilla HTTP
HTTPS
TLS 1.2 handshake
TLS 1.3 enhancements


Vanilla HTTP

HTTPS
HTTPS works by negotiating a symmetric key so that both the client and the server can secure messages. Watch the video we did on encryption. Before we jump to the GET request, a handshake 🤝 must occur between the client and server. The tricky part is exchanging that key. It is the same as above, except the port is 443 instead of 80. Remember that once we lose the TCP connection we have to renegotiate the key. But the beauty of this is that HTTP is stateless, so it keeps working just fine.

TLS handshake 🤝
The original TLS handshake involves 4 roundtrips. The client sends a client hello, in which it lists the encryption algorithms it supports (both symmetric and asymmetric). The server receives the request, then replies with the server certificate, which includes the server's public key, and the encryption algorithms they will switch to. The client receives the server hello, generates the premaster key, encrypts it with the server's public key, then sends it over. The server decrypts the message, gets the premaster, generates the symmetric key, and finally tells the client that we are good to go.

TLS 1.3
TLS 1.3 involves much shorter and much more secure communication, using only Diffie-Hellman as the key exchange and just two round trips.
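
The two key exchanges described above, side by side, as an added example that is not from the video or its author: the TLS 1.2 RSA exchange, where the premaster is encrypted to the server's long-term key, and an ephemeral Diffie-Hellman exchange as in TLS 1.3. The primes, the generator and the SHA-256 `session_key` stand-in are toy assumptions constructed here, not real TLS parameters.

```python
import hashlib
import secrets

# Toy parameters constructed for this example (textbook RSA, no padding; small DH group).
# Real TLS uses 2048-bit+ RSA with padding and standardized (EC)DHE groups.
RSA_P, RSA_Q, RSA_E = 2**61 - 1, 2**89 - 1, 65537
RSA_N = RSA_P * RSA_Q                                  # server public modulus
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))      # server long-term private key
DH_P, DH_G = 2**127 - 1, 5                             # public DH group (assumed)


def session_key(shared_secret: int) -> str:
    """Stand-in for the TLS key derivation: hash the shared secret."""
    return hashlib.sha256(shared_secret.to_bytes(32, "big")).hexdigest()


def rsa_key_transport():
    """TLS 1.2 RSA exchange as described above: client encrypts the premaster."""
    premaster = secrets.randbelow(RSA_N - 2) + 2
    wire = pow(premaster, RSA_E, RSA_N)           # only this crosses the network
    server_premaster = pow(wire, RSA_D, RSA_N)    # server decrypts with its private key
    return wire, session_key(premaster), session_key(server_premaster)


def ephemeral_dh():
    """TLS 1.3 style exchange: both sides use fresh private values per connection."""
    a = secrets.randbelow(DH_P - 3) + 2           # client ephemeral private value
    b = secrets.randbelow(DH_P - 3) + 2           # server ephemeral private value
    A, B = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)  # only A and B cross the network
    return (A, B), session_key(pow(B, a, DH_P)), session_key(pow(A, b, DH_P))


def key_from_wire_and_long_term_key(wire: int) -> str:
    """What the RSA private key alone yields from a stored RSA handshake value."""
    return session_key(pow(wire, RSA_D, RSA_N))


if __name__ == "__main__":
    wire, client_key, server_key = rsa_key_transport()
    print("RSA: both sides agree:", client_key == server_key)
    print("RSA: long-term key + stored wire value gives the session key:",
          key_from_wire_and_long_term_key(wire) == client_key)
    (A, B), c_key, s_key = ephemeral_dh()
    print("DH: both sides agree:", c_key == s_key)
```

In the RSA case the server's certificate key decrypts the stored handshake value; in TLS 1.3 that key only signs the handshake, and the secret comes from per-connection values that never cross the network.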

Stay Awesome!
Hussein
Comments

Dude I can't even try to explain how much I'm learning from you. These long videos are amazing. Thank you! Please never stop.

belferman

Absolute gem. It is not easy to explain so many tough and technical concepts in under 25 minutes. Thank you for sharing and teaching!

robertsedgewick

Really appreciate the time and effort you put behind these videos. Thank you so much for sharing your knowledge!

stackfulldev

Just finished my Web-Developer Bachelor Degree.
For the final exam 7 presentation, and the one I got was on this subject. Luckily I had transcribed this video, translated it into Danish, screen captured the images for my 20 minute PowerPoint presentation. I got a *B+* (No kidding).
So I just wanted to thank you a million times for that, you are the best resource on this topic 👏

acediadekay

Very neat way of explaining. I will remember the diagrams for a very long time.

gattu

You really save a computer science student who knows almost nothing about TLS but her teacher insists on doing a related project!

yuqiwang

HTTP - 1:30
HTTPS - 5:10
TLS 1.2 - 8:35
Diffie Hellman Key Exchange Algorithm - 14:30
TLS 1.3 - 17:55

rahulramteke

Hey, yesterday only I started watching your channel, almost watched 6 to 7 videos, you are doing an awesome job.

BalaMurugan-jbos

I think you can become the best prof ever, trust me, you are making a heavy impact in the community of developers helping us developers grow with quality content.

surbhipaliwal

Nice video Hussein, but a few corrections.

Diffie Hellman was also used in TLS 1.2. The reason for fewer round trips in 1.3 is because negotiation for key exchange protocol is no longer needed.
I also have issues understanding your example relating to security. You mentioned that in TLS 1.2, an adversary is capable of obtaining the server's private key, which the server does not send over the internet. The adversary can then use this key to decrypt the client's encrypted key which he sends over. My question is, if an adversary can obtain the server's private key in 1.2, why can't he also obtain the server's red key in TLS 1.3, since both keys follow the same "protocol" (both keys are private to the server and not sent over communication). Actually, 1.3 removed cryptographic schemes used in 1.2 that are deemed insecure by standards of modern day technology, for example DES was used in 1.2 but abandoned in 1.3 as its key length is vulnerable to brute force attacks, given the capability of modern hardware.

Great video nonetheless!

ethan

What an explanation that was!
Simply incredible....keep up the good work. Appreciated. Thank you for this.

mazdadanklesaria

I love it. Struggled with understanding of Diffie Hellman at first but I got it in the end.

Girry_

@Hussein Nasser, You're the best teacher I ever had. I love your videos. Keep making these informative videos. It feels like you've put all your knowledge inside these packets that are transferred to me via TLS v1.3 through Youtube.

livesamarth

Hussein, just wanna say thank you for the video. You helped me understand tls in general. Thank you!

kzcjjgj

Thanks for the long videos, they need to be long. I am loving it.

shuvo

Check out my Udemy Introduction to Database Engineering course

Learn the fundamentals of database systems to understand and build performant backend apps

hnasr

I got my CKAD after learning from your videos about infrastructures and now I am learning backward.. lol
Salute from South Korea.. :D

echovisionlab

This is the best explanation of TLS for me. After watching 4 videos, I can conclude, with this video, I can understand it better. To make it worse, I have no IT background to it. It just so happened I saw the TLS 1.2 word and I started googling it and had no idea what those professors were talking about. UNTIL THIS VIDEO!

jasomtan

Thanks Hussein. All your explanations make these complexities easy to grasp.

vijayredkar

Great video using pictures. As they say a picture is worth a thousand words. Thank you for making it easier to understand.

edthom