SSL, TLS, HTTPS Explained

แชร์
ฝัง
  • เผยแพร่เมื่อ 23 พ.ย. 2024

ความคิดเห็น • 319

  • @igwejk
    @igwejk ปีที่แล้ว +664

    An important point that's worth mentioning, otherwise the server-hello phase would be insecure, the client and server both have a trusted authority they could rely on for authenticating each other. The client verifies the server's SSL certificate with the certificate authority that issued it. This confirms that the server is who it says it is, and that the client is interacting with the actual owner of the domain.

    • @brucewayne2480
      @brucewayne2480 ปีที่แล้ว +50

      Yes because a certificate authority verified a domain owner and signed its data with its private key, that signature is included in the certificate , and the public key of known certificate authorities are stored in the browser

    • @lanyloh9876
      @lanyloh9876 ปีที่แล้ว +9

      I was wondering about this. Thank you!

    • @lawrencedoliveiro9104
      @lawrencedoliveiro9104 ปีที่แล้ว +4

      The client has a list of CA certs that it trusts, so it will accept any server cert that is signed by one of them.
      TLS can also be used for two-way authentication. Also for secure communication between different parts of your own organization, you can create your own CA cert and install that at the endpoints so they can trust each other.

    • @alexandermiasoiedov6637
      @alexandermiasoiedov6637 ปีที่แล้ว +4

      How does the server know that the client is not the hacker that sits in the middle? Namely, how does the server knows that session_key is authentic and generated by the client, but not by the hacker in the middle?

    • @igwejk
      @igwejk ปีที่แล้ว +2

      @@alexandermiasoiedov6637 The man in the middle should not be capable of decrypting the client's message.

  • @barbobrien9318
    @barbobrien9318 8 หลายเดือนก่อน +13

    Comprehensive and easy to understand. The best part is that the video was short!

  • @miehaga7444
    @miehaga7444 ปีที่แล้ว +32

    I love the audience of this channel, very polite, graceful and intellectual.

    • @ashu7pathak
      @ashu7pathak 6 หลายเดือนก่อน

      Thanks.

  • @ReflectionOcean
    @ReflectionOcean ปีที่แล้ว +115

    HTTPS is HTTP + TLS (Transport Layer Security)
    TLS is a handshake process between the client and server with asymmetric encryption to exchange a session key used for Data Transmission with symmetric encryption.

    • @noorzanayasmin7806
      @noorzanayasmin7806 ปีที่แล้ว

      is the key the SSL certificate verified by Certificate Authority?

    • @faultboy
      @faultboy ปีที่แล้ว +6

      You also watched the video? Interesting!

    • @geeksified
      @geeksified ปีที่แล้ว

      @@noorzanayasmin7806 ​ SSL cert is the certificate you bought from your hosting or anywhere you bought it from, which contains the public key, and when you create your csr, you will be given with the verified private key that can only be paired with your public key.

    • @PannasastraSR
      @PannasastraSR ปีที่แล้ว +6

      Your explanation is easy to understand than watch the video

    • @nikhil182
      @nikhil182 ปีที่แล้ว +6

      Good summary of the video!

  • @SantoshKumari-d8r
    @SantoshKumari-d8r 28 วันที่ผ่านมา +1

    I love how the audience effectively participating in Comments Sharing knowledge. That's the beauty of well educated environment.

  • @danielkrastev6786
    @danielkrastev6786 ปีที่แล้ว +8

    Best animation aesthetics ever. Pure joy to watch.

  • @cassianocampes
    @cassianocampes ปีที่แล้ว +88

    Direct to the point, clean, and easy to understand. Great content!

  • @cybrainx72
    @cybrainx72 7 หลายเดือนก่อน +24

    You missed the phase where Client has to validate is Certificate is signed by the trusted CA.

  • @mouhssineannouri5497
    @mouhssineannouri5497 8 หลายเดือนก่อน +5

    The session key isn't directly swapped between the client and server, even with asymmetric encryption. Instead, they exchange a random string of bytes, often referred to as a 'pre-master secret' or 'nonce', which serves as the basis for generating the session key on both ends using the algorithms previously agreed upon in the cipher suite exchange.

    • @يعقوبالدويك
      @يعقوبالدويك 8 หลายเดือนก่อน

      yo my moroccan bro can we contact thru fb or ig or whatsapp?

  • @asn65001
    @asn65001 ปีที่แล้ว +13

    I like that you didn't mention TLS 1.1 and below. No need to teach something that's going out the door. And thanks for pointing out the ciphers. In teaching others about TLS, I've found ciphers to be the hardest concept for people to grasp.

    • @jackscalibur
      @jackscalibur ปีที่แล้ว

      I think that everyone needs to understand the ciphers involved, but most people aren't going to be concerned with the technical details of the cryptographic algorithms.

  • @alaakhaleel9137
    @alaakhaleel9137 หลายเดือนก่อน

    Thank you bro, as my father always said, clean and easy, I want your room clean and attitude easy.

  • @lemonade2345-j4e
    @lemonade2345-j4e 6 หลายเดือนก่อน +1

    I can tell that you are a scientist. Wouldn't surprise me if you had a PHD. Really an articulate presentation with virtually no flutter. A rare sight on YT.

  • @ameyapatil1139
    @ameyapatil1139 8 หลายเดือนก่อน +1

    This was so so helpful straight to the point ! Worth every second ❤

  • @anshumansahu8476
    @anshumansahu8476 ปีที่แล้ว +1

    It is very nice and clean exlaination without messing up terminology..great job

  • @EricRodriguez-uu6gj
    @EricRodriguez-uu6gj 4 หลายเดือนก่อน

    You are very professional with your videos and your teaching; is a suggestion you should do a video with an A.I voice

  • @helgarudersleben480
    @helgarudersleben480 ปีที่แล้ว +3

    bytebytego team, i would like to thank you for your videos - they are not only illustrated really well, they are really informative!

  • @vitordeoliveira6139
    @vitordeoliveira6139 ปีที่แล้ว +2

    question: Diffie-Hellman (DH) is used for key exchange, the client and server exchange public keys and use them to generate a shared secret key that is used for symmetric encryption.
    Yes he share a public key also...

    • @misteroy9
      @misteroy9 ปีที่แล้ว

      Exactly, that's also my surprise he said it doesn't transfer the public key over the network.
      @ByteByteGo could you explain it?

  • @magic_pink_horse
    @magic_pink_horse ปีที่แล้ว +5

    You're the best presenter for this kind of stuff!

  • @rembautimes8808
    @rembautimes8808 9 หลายเดือนก่อน

    Excellent channel, well illustrated. A must watch for those in tech risk like me

  • @itscheckmate878
    @itscheckmate878 ปีที่แล้ว

    Best explanation I found on utube about TLS and ssl

  • @patricknelson
    @patricknelson ปีที่แล้ว +23

    Bravo. 👏 This is a very succinct high level explanation. I’m already somewhat familiar with the handshake, but this does a fantastic job summarizing things in an approachable fashion without diving into too much detail. Great thing is, there’s still plenty more to dive into as well and this provides a well structured guide on how to do that.

    • @javalisidda7983
      @javalisidda7983 ปีที่แล้ว

      🎉

    • @nishantdalvi9470
      @nishantdalvi9470 ปีที่แล้ว

      Yeah even I was confused about the how does certificate check and key exchange serially happens this video cleared my doubt

  • @goldfishbrainjohn2462
    @goldfishbrainjohn2462 ปีที่แล้ว +12

    Ordered your both system interview books, volume 1 and 2.
    Can't wait to read the books!

  • @Djsanddy
    @Djsanddy 8 หลายเดือนก่อน

    short and sweet tutorials
    really loving your channel

  • @ivanmatveev4313
    @ivanmatveev4313 ปีที่แล้ว +1

    Amazing!!
    The best video about HTTPs, I ever seen before!

  • @Passersby98
    @Passersby98 4 หลายเดือนก่อน

    Bro's animation and explaination are superb. 👍

  • @tesla1772
    @tesla1772 ปีที่แล้ว +2

    great explantion and to the point. also tls 1.3 solves forward secrecy problem of tsl1.2

  • @ARMOTISARMOTIS
    @ARMOTISARMOTIS ปีที่แล้ว

    it was really great fast and everything important was in this video thank you I watched more than 7 videos and put more than 1 hour to find you :) Thanks I understood everything clearly :)

  • @EbonySeraphim
    @EbonySeraphim 9 หลายเดือนก่อน

    Along with the top comment here, I think it is helpful to understand that step #2 Certificate Check involves the client cross referencing that the DNS name they resolved matches the hostname presented on the server's certificate. Otherwise, the TLS handshake will (appropriately) fail because even though the server certifcate may be valid and trusted, the server presenting it is not truly associated with it.

    • @hanshima_
      @hanshima_ 17 วันที่ผ่านมา

      Wow... that is important and helped me today. I was having some problems with a broker and was receiving invalid IP error.

  • @jeffg4686
    @jeffg4686 ปีที่แล้ว

    one of the best videos for overview on this.

  • @bala007raju
    @bala007raju ปีที่แล้ว

    so nicely explained , Thanks lot , Glad I found this video and channel . thanks again

  • @user-yz7ts2fq9m
    @user-yz7ts2fq9m 11 หลายเดือนก่อน

    wow, great and clear explanation! Thank you very much!

  • @QueeeeenZ
    @QueeeeenZ ปีที่แล้ว +7

    HTTPS is not a protocol technically, it is a scheme. The protocols used are actually called HTTP and TLS.

  • @thndesmondsaid
    @thndesmondsaid ปีที่แล้ว

    Thanks for the video. I think you could have explained more about what TLS and SSL are specifically, but thanks for explaining in detail how HTTPS works.

  • @unique_ruler_memes3003
    @unique_ruler_memes3003 2 หลายเดือนก่อน

    And one more main reason for not using symmetric key is :
    When server sends the public key only to the client. Not the private key.. so the client only can encrypt the data using public key it has received with the certificate, not able to decrypt any data came from the server.
    Thats why we use seasion key exchange..

  • @adilhashmi7608
    @adilhashmi7608 9 หลายเดือนก่อน

    clean and easy to understand thanks for this one

  • @andreadiotallevi5780
    @andreadiotallevi5780 4 หลายเดือนก่อน

    Thank you - beautifully explained!

  • @muratcan__22
    @muratcan__22 ปีที่แล้ว

    perfect straightforward. love it

  • @NadaII
    @NadaII 5 หลายเดือนก่อน

    Your content is fantastic. Thank you.

  • @lensimonchang
    @lensimonchang ปีที่แล้ว

    very clear elaboration and good sharing!, Appreciate!

  • @shamfervans2452
    @shamfervans2452 4 หลายเดือนก่อน

    Great content. Simply explained

  • @GildwareTechnologies
    @GildwareTechnologies ปีที่แล้ว +17

    SSL, TLS, and HTTPS are all cryptographic protocols used to ensure secure communication over the internet. They play a crucial role in protecting sensitive data transmitted between a client (such as a web browser) and a server. Let's explain each of these terms:
    SSL (Secure Sockets Layer):
    SSL is an older cryptographic protocol that was initially developed by Netscape in the 1990s. It was widely used to provide secure communication over the internet, especially for websites handling sensitive information like login credentials or credit card details. However, due to security vulnerabilities and weaknesses found in SSL, it has been largely deprecated and replaced by its successor, TLS.
    TLS (Transport Layer Security):
    TLS is the successor to SSL and was introduced as a more secure and robust cryptographic protocol. It operates at the transport layer of the internet communication stack and ensures secure data transmission between a client and a server. TLS uses a combination of symmetric and asymmetric encryption algorithms to establish a secure connection. The latest version of TLS at the time of writing is TLS 1.3, which has further improved security and performance over previous versions.
    HTTPS (Hypertext Transfer Protocol Secure):
    HTTPS is not a separate protocol but rather a combination of HTTP and TLS (or SSL in older implementations). It is the secure version of the standard HTTP protocol used for transmitting data between a client's web browser and a web server. When a website uses HTTPS, it means that the data exchanged between the client and the server is encrypted using TLS or SSL, ensuring that it cannot be intercepted or tampered with by unauthorized parties.
    When a user connects to an HTTPS-enabled website, the following steps occur:
    The client (web browser) sends a request to the server, indicating that it wants to establish a secure connection using HTTPS.
    The server responds with its SSL/TLS certificate, which contains the server's public key and other details.
    The client verifies the authenticity of the certificate by checking its validity and whether it is signed by a trusted Certificate Authority (CA).
    If the certificate is valid, the client and the server perform a handshake to negotiate the encryption algorithm and establish a secure connection.
    Once the secure connection is established, all data transmitted between the client and the server is encrypted and secure from eavesdropping or tampering.
    In summary, SSL and TLS are cryptographic protocols used for secure communication, with TLS being the more modern and secure version. HTTPS is the combination of HTTP and TLS (or SSL) and is used to ensure secure data transmission over the internet, especially for sensitive information. Enabling HTTPS on websites is crucial for protecting user data and ensuring a safe browsing experience.

    • @HazzyDevil
      @HazzyDevil ปีที่แล้ว +1

      LMFAO, did you really just get chatgpt to give you the answer? 💀

  • @tatianamarinmarulanda6958
    @tatianamarinmarulanda6958 4 หลายเดือนก่อน

    Love ALL your videos and channel! You rock!!!

  • @munteanionut3993
    @munteanionut3993 6 หลายเดือนก่อน

    Thanks a lot! This is very useful!
    03:47 it s hard to follow due to -I think- you using indefinite artical "a" (as in "a symmetric") vs the way "asymmetric" is pronounced. Also the fact that you added "symmetric encryption" to the diagram AFTER you mentioned your point. Sorry for nit-picking, just hope this would help anyone else

  • @oah8465
    @oah8465 ปีที่แล้ว +2

    hands down, you nailed it.

  • @venkybabu8140
    @venkybabu8140 ปีที่แล้ว +2

    Public keys were trapped sometimes and that's why no public keys travel. Mostly by NAT re-config. SSL means a set of algorithms accepted between with certificate means that the binary coded files used for decryption. Key means algorithm. Why public and private keys means that public used for encryption of the algorithm of choice and private is end to end algorithm transfer and use. About a thousand algorithm exchanges for a single transaction. So don't try.

  • @wwhill8033
    @wwhill8033 ปีที่แล้ว +2

    Excellent explanation!! Thanks

  • @yash1152
    @yash1152 ปีที่แล้ว

    4:41 >_"as with most optimizations; it's a bit harder to explain"_
    glad go be reminded of it (:

  • @hjxy2012
    @hjxy2012 ปีที่แล้ว +1

    Thank you. And how do you draw these magic architecture pictures?

  • @sbj0880
    @sbj0880 ปีที่แล้ว +4

    Very well explained - I love how soothing and insightful it is to go through your videos. How do you record these videos..curious?
    Thank you.

  • @vijaykumarreddyt3287
    @vijaykumarreddyt3287 ปีที่แล้ว

    For someone who may get confused, he is saying cipher suites not cyber suites

  • @s.m.hconstantin3887
    @s.m.hconstantin3887 ปีที่แล้ว

    incredible video
    That helped me a lot Thanks

  • @JJVee427
    @JJVee427 ปีที่แล้ว +1

    Simple, very well explained, thank you!

  • @MrJaved123
    @MrJaved123 ปีที่แล้ว +1

    Fantastic explanation.. Thank you

  • @skytechbits
    @skytechbits 17 วันที่ผ่านมา

    Love the cool channel name. Thanks for the great info.

  • @ricp
    @ricp ปีที่แล้ว +1

    Great expalantion, thanks!

  • @johnw.8782
    @johnw.8782 ปีที่แล้ว +3

    As always, great job. Looking forward to the next book.

  • @ovidiuandrei6013
    @ovidiuandrei6013 ปีที่แล้ว

    Very good explanation. Thanks man !

  • @_thehunter_
    @_thehunter_ ปีที่แล้ว +3

    what about root CA, you did not tell about it, this is main thing which helps identify the server otherwise server can be spoofed with MITM attack

  • @bestcuts4745
    @bestcuts4745 ปีที่แล้ว +1

    Beautifully explained. Classy video. Keep creating. !!!

  • @zixuanzhao6043
    @zixuanzhao6043 6 หลายเดือนก่อน +1

    DH alone is prone to man-in-the middle attack. So the certification verification is vitally important which the video doesn't cover much. Basically the server send a signature which is some private-key encrypted digestion of server identity information. The client then verify the public key through chain-of-trust by layers of authorities that issue certifications (system root authority is trusted unconditionally unless your local system is messed up). Using the verified public key the client decrypt the signature and compare the result to the digest generated through the negotiated digest/hash algorithm. If everything checks out, the server identity is trusted because only the private key owner is able to generate that signature.

  • @siddharthsorout3446
    @siddharthsorout3446 ปีที่แล้ว

    bytebytego team, i would like to thank you for your videos , really informative!

  • @prashanthb6521
    @prashanthb6521 ปีที่แล้ว

    This is excellent explanation.

  • @SeviersKain
    @SeviersKain ปีที่แล้ว

    I never wanted to understand those trivial details until I came across developing my own softwares...these things should be taught coherently together, not separately...

  • @aquarius2642
    @aquarius2642 ปีที่แล้ว

    Wonderful video explaining the internal working of SSL TLS.
    This got me wondering that about what other questions related to HTTPS SSL TLS do web developers need to know the answers to to be able to do their jobs. I doubt they need the internals of how HTTPS SSL TLS work.
    Web developers just need to understand
    1. Libraries that enable http requests and responses - client side and server side.
    2. What are the steps in getting a certificate
    3. what sort of attack are prevented through this kind of encryption
    4. what are the libraries objects methods that enable https on both client side and server side
    5. what are the steps relevant to setting up https tls and ssl on self hosted and cloud hosted servers

  • @kallenosf
    @kallenosf ปีที่แล้ว +2

    Could you tell us how you create the video animations?
    Thank you. Great video!

  • @chriseddisford1834
    @chriseddisford1834 ปีที่แล้ว

    Excellent video! Very well explained.

  • @danish6192
    @danish6192 6 หลายเดือนก่อน

    Great, just please add Certificate Verification as well

  • @caiohenrique5587
    @caiohenrique5587 ปีที่แล้ว +2

    How do you make those video animations ?

  • @Bobbel888
    @Bobbel888 หลายเดือนก่อน

    1:03 Assymetric encryption alone can be proxied, at least in cases ECC and RSA. Where does the protocol prevent a man-in-the-middle attack ?

  • @itskarthickm
    @itskarthickm ปีที่แล้ว +2

    May I know which tool that you used for the Illustration or to make the presentation? It is simply impressive and easy to understand..

  • @ruthwikd311
    @ruthwikd311 8 หลายเดือนก่อน

    Great explanation , but please be loud next time

  • @ilromape
    @ilromape ปีที่แล้ว

    very nice explanation. Thx

  • @hemanthkumartirupati
    @hemanthkumartirupati ปีที่แล้ว

    Excellent explanation

  • @juanmayen21
    @juanmayen21 ปีที่แล้ว

    Thanks so much for this video.

  • @Art-kz6zf
    @Art-kz6zf 4 หลายเดือนก่อน

    How does the client identify itself in the subsequent requests in the phase 4?
    Does the server need to keep in memory all the thousands of client specific session keys?

  • @nightking4615
    @nightking4615 ปีที่แล้ว +1

    Sir, what graphics software do you use for making your videos? Your illustrations are so good!

  • @Mandrickgmaing3
    @Mandrickgmaing3 ปีที่แล้ว

    Thanks man. Good lesson

  •  ปีที่แล้ว

    Very nice visuals!

  • @naveenbala4140
    @naveenbala4140 ปีที่แล้ว

    I have 2 doubts
    1. which public key and private key is known as assymetric keys .on server under .ssh present keys or ssl keys
    2. Secure data trasmission between client and server using client symmetric key or
    client will use server public key for encryption which will decrypt by server private key and server will use client symmetric key for encryption which will decrypt by client symmetric key

    • @QuantuMGriD
      @QuantuMGriD ปีที่แล้ว

      For 2nd question -
      a) AES, DES or similar algorithms are used for generating the session key (secret key ; symmetric key)
      b) This session key is then encrypted using the server's public key got from the digital certificate.
      c) The server on receiving this, decrypts it using its private key.
      d) Now, the client and the server have the session key.

  • @nicolepierce2517
    @nicolepierce2517 ปีที่แล้ว +1

    Very interesting need to know

  • @richarz87
    @richarz87 ปีที่แล้ว +1

    the animation looks great. which tool do you use?

  • @lucasguaru
    @lucasguaru ปีที่แล้ว

    I have a question. When this hand shake happens? It does for the first request and keep this connection stablished for the next calls or it does for every request?
    Im having difficult to imagine it if we have clusters, if the connection is kept alive.

  • @davidmoody2470
    @davidmoody2470 8 หลายเดือนก่อน

    Great video, thanks.

  • @rikybarbe
    @rikybarbe 9 หลายเดือนก่อน

    Hi, thanks for your videos, very helpful. I'm writing my master thesis and I'm looking for a way to compare TLS cipher suites about their computational cost. My main idea is about counting number of operations and related weigth for each algorithm in every cipher suites, but I can't find any information about these metrics or just a tool to implement RSA (e.g.) and understand the computational weigth, in order to compare the main cipher suites. Can you or anyone else give me any input to implement this metric? Many thanks

  • @aidataverse
    @aidataverse ปีที่แล้ว +1

    Very useful information

  • @sss-nl1uu
    @sss-nl1uu ปีที่แล้ว +1

    which animation software you used to create this video?

  • @zhujunwang1667
    @zhujunwang1667 ปีที่แล้ว +1

    Really good one! Thanks a lot!

  • @ciarancallaghan3810
    @ciarancallaghan3810 ปีที่แล้ว +2

    Love the videos. What software do you use to make the video animations?

    • @mario_luis_dev
      @mario_luis_dev ปีที่แล้ว

      i have the same exact question..These animations are so clean

    • @RaviChandraEnaganti
      @RaviChandraEnaganti ปีที่แล้ว +1

      @@mario_luis_dev In some other videos, it is mentioned that He uses Adobe Illustrator or some other adobe product.

  • @behrad9712
    @behrad9712 ปีที่แล้ว

    Thank you very much!🙏👌

  • @algovec4024
    @algovec4024 10 หลายเดือนก่อน

    Great video thank you!

  • @rl6382
    @rl6382 ปีที่แล้ว

    Sir.... how does your channel NOT HAVE 20M SUBS???!?!?!?!

  • @michallebel3236
    @michallebel3236 ปีที่แล้ว

    The client doesnt send the session key, both derive it from pre master key!

  • @hlexjava
    @hlexjava ปีที่แล้ว

    Question - so if we have private key. We can decrypt tcpdump file?

  • @_chris_6786
    @_chris_6786 ปีที่แล้ว

    Please, does anyone knows what is the simulations program?
    Thanks!
    And thank you for the video, outstanding explanation.

  • @Zmey5656
    @Zmey5656 5 หลายเดือนก่อน

    I used to think after TCP Handshake we start transmitting data and I forgot about the other two steps (Certificate check and Key Exchange). I was wrong(((( Thank you

  • @alaaalasi
    @alaaalasi 8 หลายเดือนก่อน

    What tool are you using to present the tutorial? Very nice 👍

  • @vincat84
    @vincat84 ปีที่แล้ว

    great video! thanks!!

  • @ouss0539
    @ouss0539 9 หลายเดือนก่อน

    amazing explanation

  • @ozilmatrix6334
    @ozilmatrix6334 ปีที่แล้ว

    Am I correct in saying TLS1.3 uses Symmetric encryption for key exchange since DH is symmetric?

  • @hakhanh86
    @hakhanh86 ปีที่แล้ว +1

    can you make video explain about CA certificate?