Understanding TLS/HTTPS

What TLS guarantees, the handshake (ClientHello→certificate→key exchange), TLS 1.2 vs 1.3, certificates and CAs, SNI, ALPN, cipher suites, and mixed content.

HTTPS is not a separate protocol — it is HTTP carried over TLS (Transport Layer Security). The browser and server first establish a TLS session, creating an encrypted tunnel, and then exchange ordinary HTTP requests and responses inside it. That's why on an https:// connection the whole exchange — URL path, headers, and body — is encrypted on the wire, so an attacker in the middle can neither read nor tamper with it.

The three guarantees TLS provides

TLS delivers three security properties at once. Confidentiality hides the traffic with symmetric encryption; integrity detects tampering in transit via AEAD (e.g., AES-GCM, ChaCha20-Poly1305) or a MAC; and authentication uses a certificate to prove the peer really owns the domain you think you're talking to. Confidentiality without authentication is a trap: the data is encrypted, but you don't know *who* you're securely talking to, leaving you fully exposed to a man-in-the-middle.

The handshake: full TLS 1.2 flow

A classic TLS 1.2 handshake takes several round trips. The client sends a ClientHello advertising its supported TLS versions, cipher suite list, and a random value; the server answers with a ServerHello naming the chosen parameters plus its Certificate. They then exchange key-exchange parameters, both sides derive the same symmetric session key, and a Finished message locks the handshake in.

Client                                    Server
  |  ClientHello (versions, ciphers, rand)   |
  | ---------------------------------------> |
  |  ServerHello (chosen cipher, rand)        |
  |  Certificate (server cert chain)          |
  |  ServerKeyExchange (ECDHE params)         |
  |  ServerHelloDone                          |
  | <--------------------------------------- |
  |  ClientKeyExchange (ECDHE pubkey)         |
  |  ChangeCipherSpec / Finished              |
  | ---------------------------------------> |
  |  ChangeCipherSpec / Finished              |
  | <--------------------------------------- |
  |  ==== encrypted application data ====     |

The crucial step is the key exchange. Modern deployments almost always use ECDHE (elliptic-curve Diffie-Hellman, ephemeral). A fresh temporary key pair per session derives the session key, so even if the server's private key later leaks, previously recorded traffic can't be decrypted. This property is called forward secrecy, a major advantage that old static-RSA key exchange lacked.

TLS 1.2 vs TLS 1.3

TLS 1.3 (RFC 8446) dramatically simplified and sped up the handshake while removing weak legacy algorithms.

Certificates and CAs

A server certificate is a document in which a Certificate Authority (CA) vouches, with its signature, that 'this public key belongs to this domain.' The browser walks the certificate chain the server sends until it reaches a root CA it trusts, then checks that the domain name (and SANs) match, that the validity period hasn't expired, and that it hasn't been revoked. Free CAs like Let's Encrypt, together with ACME automation, mean issuance and renewal are largely automatic today.

SNI and ALPN

Because one IP now hosts many domains, the server needs to know which domain's certificate the client wants. SNI (Server Name Indication) solves this by carrying the target hostname in the ClientHello. SNI is sent in the clear, though, exposing the hostname to observers; the follow-up standard that hides it is ECH (Encrypted Client Hello). Separately, ALPN (Application-Layer Protocol Negotiation) agrees on the application protocol to use next (h2, http/1.1, …) within the same handshake, so the connection can jump straight to HTTP/2 with no extra round trip.

Cipher suites and mixed content

A cipher suite bundles the key exchange, authentication, symmetric cipher, and hash algorithms (e.g., TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256). Servers should be configured to prefer only strong suites. Finally, a common real-world snag is mixed content: when an HTTPS page loads images or scripts over http://, browsers block or warn. Active mixed content like scripts can undermine the whole page's security and is always blocked. The fix is to serve every subresource over https:// (use explicit https rather than relying on protocol-relative URLs).