An important point that's worth mentioning, otherwise the server-hello phase would be insecure, the client and server both have a trusted authority they could rely on for authenticating each other. The client verifies the server's SSL certificate with the certificate authority that issued it. This confirms that the server is who it says it is, and that the client is interacting with the actual owner of the domain.

I can tell that you are a scientist. Wouldn't surprise me if you had a PHD. Really an articulate presentation with virtually no flutter. A rare sight on YT.

HTTPS is HTTP + TLS (Transport Layer Security) TLS is a handshake process between the client and server with asymmetric encryption to exchange a session key used for Data Transmission with symmetric encryption.

Direct to the point, clean, and easy to understand. Great content!

Comprehensive and easy to understand. The best part is that the video was short!

Best animation aesthetics ever. Pure joy to watch.

I really appreciate the content. Simple and insightful.

You're the best presenter for this kind of stuff!

bytebytego team, i would like to thank you for your videos - they are not only illustrated really well, they are really informative!

Bravo. 👏 This is a very succinct high level explanation. I’m already somewhat familiar with the handshake, but this does a fantastic job summarizing things in an approachable fashion without diving into too much detail. Great thing is, there’s still plenty more to dive into as well and this provides a well structured guide on how to do that.

It is very nice and clean exlaination without messing up terminology..great job

This was so so helpful straight to the point ! Worth every second ❤

short and sweet tutorials really loving your channel

I love the audience of this channel, very polite, graceful and intellectual.

Ordered your both system interview books, volume 1 and 2. Can't wait to read the books!

Thanks for the video. I think you could have explained more about what TLS and SSL are specifically, but thanks for explaining in detail how HTTPS works.

Very well explained - I love how soothing and insightful it is to go through your videos. How do you record these videos..curious? Thank you.

Best explanation I found on utube about TLS and ssl

As always, great job. Looking forward to the next book.

it was really great fast and everything important was in this video thank you I watched more than 7 videos and put more than 1 hour to find you :) Thanks I understood everything clearly :)

Amazing!! The best video about HTTPs, I ever seen before!

I like that you didn't mention TLS 1.1 and below. No need to teach something that's going out the door. And thanks for pointing out the ciphers. In teaching others about TLS, I've found ciphers to be the hardest concept for people to grasp.

Beautifully explained. Classy video. Keep creating. !!!

Excellent explanation!! Thanks

great explantion and to the point. also tls 1.3 solves forward secrecy problem of tsl1.2

Simple, very well explained, thank you!

The session key isn't directly swapped between the client and server, even with asymmetric encryption. Instead, they exchange a random string of bytes, often referred to as a 'pre-master secret' or 'nonce', which serves as the basis for generating the session key on both ends using the algorithms previously agreed upon in the cipher suite exchange.

Excellent channel, well illustrated. A must watch for those in tech risk like me

perfect straightforward. love it

one of the best videos for overview on this.

This is super clear! Thank you!

Fantastic explanation.. Thank you

wow, great and clear explanation! Thank you very much!

Excellent video! Very well explained.

Very good explanation. Thanks man !

so nicely explained , Thanks lot , Glad I found this video and channel . thanks again

hands down, you nailed it.

Really good one! Thanks a lot!

very clear elaboration and good sharing!, Appreciate!

clean and easy to understand thanks for this one

May I know which tool that you used for the Illustration or to make the presentation? It is simply impressive and easy to understand..

Could you tell us how you create the video animations? Thank you. Great video!

question: Diffie-Hellman (DH) is used for key exchange, the client and server exchange public keys and use them to generate a shared secret key that is used for symmetric encryption. Yes he share a public key also...

This is excellent explanation.

Great expalantion, thanks!

Along with the top comment here, I think it is helpful to understand that step #2 Certificate Check involves the client cross referencing that the DNS name they resolved matches the hostname presented on the server's certificate. Otherwise, the TLS handshake will (appropriately) fail because even though the server certifcate may be valid and trusted, the server presenting it is not truly associated with it.

incredible video That helped me a lot Thanks

the animation looks great. which tool do you use?

Sir, what graphics software do you use for making your videos? Your illustrations are so good!

beautifully presented. well done keep up the good work my friend

Thanks man. Good lesson

Thanks a lot! This is very useful! 03:47 it s hard to follow due to -I think- you using indefinite artical "a" (as in "a symmetric") vs the way "asymmetric" is pronounced. Also the fact that you added "symmetric encryption" to the diagram AFTER you mentioned your point. Sorry for nit-picking, just hope this would help anyone else

Great video, thanks.

DH alone is prone to man-in-the middle attack. So the certification verification is vitally important which the video doesn't cover much. Basically the server send a signature which is some private-key encrypted digestion of server identity information. The client then verify the public key through chain-of-trust by layers of authorities that issue certifications (system root authority is trusted unconditionally unless your local system is messed up). Using the verified public key the client decrypt the signature and compare the result to the digest generated through the negotiated digest/hash algorithm. If everything checks out, the server identity is trusted because only the private key owner is able to generate that signature.

very nice explanation. Thx

Hi, In your System-Design PDF, one of the reasons to switch to symmetric encryption was mentioned this: "Security: The asymmetric encryption goes only one way. This means that if the server tries to send the encrypted data back to the client, anyone can decrypt the data using the public key." Is this statement correct? If yes, can you please explain?

Great video thank you!

great video! thanks!!

Excellent explanation

Very nice visuals!

Very useful information

Thanks so much for this video.

Public keys were trapped sometimes and that's why no public keys travel. Mostly by NAT re-config. SSL means a set of algorithms accepted between with certificate means that the binary coded files used for decryption. Key means algorithm. Why public and private keys means that public used for encryption of the algorithm of choice and private is end to end algorithm transfer and use. About a thousand algorithm exchanges for a single transaction. So don't try.

Brilliant!👍

clear and helpful👋

which animation software you used to create this video?

I have a question. When this hand shake happens? It does for the first request and keep this connection stablished for the next calls or it does for every request? Im having difficult to imagine it if we have clusters, if the connection is kept alive.

I have a question about TCP Connection while client surfing the web site. As I understood, when client connect to the web server as a first time, then the task, as the video explained, will be proceeded between client and server side. After once the client & the server release their connection, TCP Close, Is the client and the server have to re-proceed the progress? Or the client just can use the exist Asymmetric & Symmetric keys?

May I know what tools do you use to create this animation? Thanks!

Can the above listed communication between client and server. Can it be seen in something like wireshark? If yes could an example be shown?

Very interesting need to know

Thank you very much!🙏👌

How do you make those video animations ?

SSL, TLS, and HTTPS are all cryptographic protocols used to ensure secure communication over the internet. They play a crucial role in protecting sensitive data transmitted between a client (such as a web browser) and a server. Let's explain each of these terms: SSL (Secure Sockets Layer): SSL is an older cryptographic protocol that was initially developed by Netscape in the 1990s. It was widely used to provide secure communication over the internet, especially for websites handling sensitive information like login credentials or credit card details. However, due to security vulnerabilities and weaknesses found in SSL, it has been largely deprecated and replaced by its successor, TLS. TLS (Transport Layer Security): TLS is the successor to SSL and was introduced as a more secure and robust cryptographic protocol. It operates at the transport layer of the internet communication stack and ensures secure data transmission between a client and a server. TLS uses a combination of symmetric and asymmetric encryption algorithms to establish a secure connection. The latest version of TLS at the time of writing is TLS 1.3, which has further improved security and performance over previous versions. HTTPS (Hypertext Transfer Protocol Secure): HTTPS is not a separate protocol but rather a combination of HTTP and TLS (or SSL in older implementations). It is the secure version of the standard HTTP protocol used for transmitting data between a client's web browser and a web server. When a website uses HTTPS, it means that the data exchanged between the client and the server is encrypted using TLS or SSL, ensuring that it cannot be intercepted or tampered with by unauthorized parties. When a user connects to an HTTPS-enabled website, the following steps occur: The client (web browser) sends a request to the server, indicating that it wants to establish a secure connection using HTTPS. The server responds with its SSL/TLS certificate, which contains the server's public key and other details. The client verifies the authenticity of the certificate by checking its validity and whether it is signed by a trusted Certificate Authority (CA). If the certificate is valid, the client and the server perform a handshake to negotiate the encryption algorithm and establish a secure connection. Once the secure connection is established, all data transmitted between the client and the server is encrypted and secure from eavesdropping or tampering. In summary, SSL and TLS are cryptographic protocols used for secure communication, with TLS being the more modern and secure version. HTTPS is the combination of HTTP and TLS (or SSL) and is used to ensure secure data transmission over the internet, especially for sensitive information. Enabling HTTPS on websites is crucial for protecting user data and ensuring a safe browsing experience.

Please, does anyone knows what is the simulations program? Thanks! And thank you for the video, outstanding explanation.

Thanks for information

Thank you brother

Thank you. And how do you draw these magic architecture pictures?

great video

Love the videos. What software do you use to make the video animations?

Here server means Load balancer- correct? There might be 100s of hosts running behind load balancer. Does client establish connection to one of those hosts or the front facing load balancer?

If public keys are sent to the client, can this be exported somewhere and then the middle-man then creates his own request with a fully verified client cert (supposing the device was "forcefully" verified the domain it's targeting to)?

once I close the browser tab is the TLS handshake ends? or TCP handshake ends? or what will happen? When does TCP and TLS handshake ends

How you create these content animations? Can you give us some details about that?

Question - so if we have private key. We can decrypt tcpdump file?

Am I correct in saying TLS1.3 uses Symmetric encryption for key exchange since DH is symmetric?

What tool are you using to present the tutorial? Very nice 👍

@bytebytego - recently i faced an issue while onboarding a Thanos sidecar (aws account) instance into my Thanos querier (different aws account). The logs showed that the Thanos endpoint cert is from LetsEncrypt and the ThanosQueries is from Route53. Due to it being LetsEncryt it does not recognize the cert authority. How tk fix this?

Thank you.

Awesome!

Great, just please add Certificate Verification as well

one question, is rsa used to generate the session key ?

Hi, thanks for your videos, very helpful. I'm writing my master thesis and I'm looking for a way to compare TLS cipher suites about their computational cost. My main idea is about counting number of operations and related weigth for each algorithm in every cipher suites, but I can't find any information about these metrics or just a tool to implement RSA (e.g.) and understand the computational weigth, in order to compare the main cipher suites. Can you or anyone else give me any input to implement this metric? Many thanks

Nice video

Could anyone tell me what keyword can I make PPT like this !!! Thanks a lot !

awesome!

does a recovery drive act as part of the OS?

Thanks Lam

How to set TLS version? Who provides TLS version? Is it OS or JVM?

In the last sentence did you mean to say "without ever having exchange private key..." instead of public key ?