InfoSec Notes
Deep dive into HTTPS, SSL/TLS protocol handshake, certificate verification, cipher suites, and secure transport layer communication.
What is HTTPS?
HTTPS (HTTP Secure) is HTTP over TLS (Transport Layer Security). It provides encrypted communication between a client (browser) and server, preventing eavesdropping, tampering, and impersonation.
TLS 1.3 Handshake
TLS 1.3 Cipher Suites
| Cipher Suite | Key Exchange | Authentication | Encryption | Hash |
|---|---|---|---|---|
| TLS_AES_256_GCM_SHA384 | ECDHE | Certificate | AES-256-GCM | SHA-384 |
| TLS_AES_128_GCM_SHA256 | ECDHE | Certificate | AES-128-GCM | SHA-256 |
| TLS_CHACHA20_POLY1305_SHA256 | ECDHE | Certificate | ChaCha20-Poly1305 | SHA-256 |
Certificate Verification Process
Common TLS Vulnerabilities
| Vulnerability | Year | Impact | Prevention |
|---|---|---|---|
| BEAST | 2011 | CBC mode attack in TLS 1.0 | Use TLS 1.2+ |
| CRIME | 2012 | Compression reveals secrets | Disable TLS compression |
| Heartbleed | 2014 | OpenSSL memory leak | Patch OpenSSL, revoke certs |
| POODLE | 2014 | SSLv3 padding oracle | Disable SSLv3 |
| DROWN | 2016 | SSLv2 cross-protocol attack | Disable SSLv2 everywhere |
| ROBOT | 2017 | RSA key exchange vulnerability | Use ECDHE only (TLS 1.3) |
HSTS (HTTP Strict Transport Security)
HSTS Header
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Effect
- Browser remembers to always use HTTPS for this domain
- Prevents SSL stripping attacks
- Converts any HTTP links to HTTPS before requesting
- preload: Added to browser's built-in HSTS list
Interview Questions
- Explain the TLS 1.3 handshake and how it differs from TLS 1.2.
- TLS 1.3 completes in 1 round trip (vs 2 for TLS 1.2). The client sends key shares in ClientHello (speculating which algorithm server will choose). TLS 1.3 removed insecure options (RSA key exchange, CBC), requires forward secrecy, and encrypts more of the handshake.
- What is forward secrecy and why does TLS 1.3 mandate it?
- Forward secrecy (via ephemeral ECDHE) means each session uses unique temporary keys that are discarded after use. If the server's long-term private key is later compromised, past recorded sessions cannot be decrypted. TLS 1.3 mandates it by removing RSA key exchange.
- What was the Heartbleed vulnerability and why was it so severe?
- A bug in OpenSSL's heartbeat extension allowed attackers to read up to 64KB of server memory per request, potentially exposing private keys, session tokens, and user data. Severity: no authentication needed, no logs generated, widespread (17% of TLS servers affected).
- How does HSTS prevent SSL stripping attacks?
- Without HSTS, an attacker can intercept the initial HTTP request and prevent the redirect to HTTPS (Moxie Marlinspike's sslstrip tool). HSTS tells the browser to always use HTTPS, even for the first request. With preloading, the browser knows to use HTTPS before ever contacting the server.
- Why was RSA key exchange removed from TLS 1.3?
- RSA key exchange doesn't provide forward secrecy: the session key is encrypted with the server's RSA key and sent. If that RSA key is ever compromised, all past sessions can be decrypted. ECDHE creates ephemeral keys per session, discarded immediately after.
Exam Focus
Revise definitions, diagrams, examples, and short-answer points for HTTPS and SSL/TLS.
Interview Use
Prepare one clear explanation, one practical example, and one common mistake for this Information Security topic.
Search Terms
information-security, information security, information, security, web, https, and, ssl
Related Information Security Topics