Skip to main content

Posts

TLS Handshake

Before the client and the server can begin exchanging application data over TLS, the encrypted tunnel must be negotiated: the client and the server must agree on the version of the TLS protocol, choose the cipher suite, and verify certificates if necessary. Unfortunately, each of these steps requires new packet roundtrips between the client and the server, which adds startup latency to all TLS connections. 0 ms TLS runs over a reliable transport (TCP), which means that we must first complete the TCP three-way handshake, which takes one full roundtrip. 56 ms With the TCP connection in place, the client sends a number of specifications in plain text, such as the version of the TLS protocol it is running, the list of supported ciphersuites, and other TLS options it may want to use. 84 ms The server picks the TLS protocol version for further communication, decides on a ciphersuite from the list provided by the client, attaches its certificate, and sends the respon

HTTP/1.0 and HTTP/1.1

HTTP is a protocol used to exchange or transfer hypertext.  Hypertext is structured text that uses logical links (hyperlinks) between nodes containing text. Tim Berners-Lee and his team at CERN are credited with inventing the original HTTP along with HTML and the associated technology for a web server and a text-based web browser. Berners-Lee first proposed the "WorldWideWeb" project in 1989 — now known as the World Wide Web. The first version of the protocol had only one method, namely GET, which would request a page from a server. The response from the server was always an HTML page.                                                         Tim Berners-Lee authored/co-authored multiple RFCs (Request for Comment) including  RFC 1945  (which was published in 1996 and talks about Hyper Text Transfer 1.0), RFC 2068  (which describes HTTP/1.1 & was published in 1997), RFC 2616  (which obsoletes the RFC 2068 and made HTTP/1.1 official). Because of his extensive work towards

SPDY (pronounced speedy); NPN (Next Protocol Negotiation); ALPN (Application Layer Protocol Negotiation) and HTTP/2

SPDY (pronounced as SPeeDY) :- SPDY is an experimental protocol developed at Google, designed to reduce the latency of web pages. Specifically, its goal is to address the limitations of HTTP/1.1 and to remove existing bottlenecks like:-  - head of line blocking,  - inefficient use of underlying TCP connections,  - and header bloat SPDY achieves reduced latency through compression, multiplexing, and prioritisation. The name "SPDY" is a trademark of Google and is not an acronym. Implementing a new protocol across the web, where varieties of devices exists along with multiple range of OS across platforms, is like play with fire. This may lead to random dropped connections with no or very little troubleshooting information and will cause frustration for the end user. To deal with this, SPDY is delivered via SSL. End-to-end encrypted tunnel allows the client and the server to exchange SPDY frames without intervention by intermediate nodes. It's important

Cipher Suites

A cipher suite is a named combination of authentication , encryption , message authentication code (MAC) and key exchange algorithms used to negotiate the security settings for a network connection using the Transport Layer Security (TLS) / Secure Sockets Layer (SSL) network protocol. Usage When a TLS connection is established, a handshaking, known as the TLS Handshake Protocol, occurs. Within this handshake, a client hello (ClientHello) and a server hello (ServerHello) message are passed. First, the client sends a cipher suite list, a list of the cipher suites that it supports, in order of preference. Then the server replies with the cipher suite that it has selected from the client cipher suite list. Description of Algorithms In cryptography, a  message authentication code (MAC)  is a short piece of information used to authenticate a message and to provide integrity and authenticity assurances on the message. A MAC algorithm, accepts as input a secret key and an arbi