An important point that's worth mentioning, otherwise the server-hello phase would be insecure, the client and server both have a trusted authority they could rely on for authenticating each other. The client verifies the server's SSL certificate with the certificate authority that issued it. This confirms that the server is who it says it is, and that the client is interacting with the actual owner of the domain.

Comprehensive and easy to understand. The best part is that the video was short!

I love the audience of this channel, very polite, graceful and intellectual.

HTTPS is HTTP + TLS (Transport Layer Security) TLS is a handshake process between the client and server with asymmetric encryption to exchange a session key used for Data Transmission with symmetric encryption.

Best animation aesthetics ever. Pure joy to watch.

Direct to the point, clean, and easy to understand. Great content!

I love how the audience effectively participating in Comments Sharing knowledge. That's the beauty of well educated environment.

The session key isn't directly swapped between the client and server, even with asymmetric encryption. Instead, they exchange a random string of bytes, often referred to as a 'pre-master secret' or 'nonce', which serves as the basis for generating the session key on both ends using the algorithms previously agreed upon in the cipher suite exchange.

I can tell that you are a scientist. Wouldn't surprise me if you had a PHD. Really an articulate presentation with virtually no flutter. A rare sight on YT.

The easiest explanation of a complex topic ever done in less than 6 mins !

I like that you didn't mention TLS 1.1 and below. No need to teach something that's going out the door. And thanks for pointing out the ciphers. In teaching others about TLS, I've found ciphers to be the hardest concept for people to grasp.

This was so so helpful straight to the point ! Worth every second ❤

Ordered your both system interview books, volume 1 and 2. Can't wait to read the books!

You missed the phase where Client has to validate is Certificate is signed by the trusted CA.

Thank you bro, as my father always said, clean and easy, I want your room clean and attitude easy.

Amazing!! The best video about HTTPs, I ever seen before!

You're the best presenter for this kind of stuff!

bytebytego team, i would like to thank you for your videos - they are not only illustrated really well, they are really informative!

Bravo. 👏 This is a very succinct high level explanation. I’m already somewhat familiar with the handshake, but this does a fantastic job summarizing things in an approachable fashion without diving into too much detail. Great thing is, there’s still plenty more to dive into as well and this provides a well structured guide on how to do that.

It is very nice and clean exlaination without messing up terminology..great job

it was really great fast and everything important was in this video thank you I watched more than 7 videos and put more than 1 hour to find you :) Thanks I understood everything clearly :)

Awesome video short ,clear , easy to understand thank you !!! 😀

You are very professional with your videos and your teaching; is a suggestion you should do a video with an A.I voice

Best explanation I found on utube about TLS and ssl

short and sweet tutorials really loving your channel

Excellent channel, well illustrated. A must watch for those in tech risk like me

Along with the top comment here, I think it is helpful to understand that step #2 Certificate Check involves the client cross referencing that the DNS name they resolved matches the hostname presented on the server's certificate. Otherwise, the TLS handshake will (appropriately) fail because even though the server certifcate may be valid and trusted, the server presenting it is not truly associated with it.

Bro's animation and explaination are superb. 👍

question: Diffie-Hellman (DH) is used for key exchange, the client and server exchange public keys and use them to generate a shared secret key that is used for symmetric encryption. Yes he share a public key also...

Love ALL your videos and channel! You rock!!!

great explantion and to the point. also tls 1.3 solves forward secrecy problem of tsl1.2

hands down, you nailed it.

one of the best videos for overview on this.

Love the cool channel name. Thanks for the great info.

As always, great job. Looking forward to the next book.

so nicely explained , Thanks lot , Glad I found this video and channel . thanks again

Thank you, you explain it very well

wow, great and clear explanation! Thank you very much!

Great content. Simply explained

perfect straightforward. love it

Your content is fantastic. Thank you.

Wow very nice explanation 🎉

Thank you - beautifully explained!

Excellent explanation!! Thanks

clean and easy to understand thanks for this one

Beautifully explained. Classy video. Keep creating. !!!

Thanks for the video. I think you could have explained more about what TLS and SSL are specifically, but thanks for explaining in detail how HTTPS works.

Very informative video. Thanks

Very well explained - I love how soothing and insightful it is to go through your videos. How do you record these videos..curious? Thank you.

Thanks a lot! This is very useful! 03:47 it s hard to follow due to -I think- you using indefinite artical "a" (as in "a symmetric") vs the way "asymmetric" is pronounced. Also the fact that you added "symmetric encryption" to the diagram AFTER you mentioned your point. Sorry for nit-picking, just hope this would help anyone else

Great expalantion, thanks!

And one more main reason for not using symmetric key is : When server sends the public key only to the client. Not the private key.. so the client only can encrypt the data using public key it has received with the certificate, not able to decrypt any data came from the server. Thats why we use seasion key exchange..

"Client Hello" LOL hilarious. Computers really do appreciate kindness

Fantastic explanation.. Thank you

very clear elaboration and good sharing!, Appreciate!

Simple, very well explained, thank you!

5:30 about diffie hellman I think you wanted to say "Without ever transmitting over the network the private key" the public key is of course shared using a trusted CA...

4:41 >_"as with most optimizations; it's a bit harder to explain"_ glad go be reminded of it (:

Very good explanation. Thanks man !

HTTPS is not a protocol technically, it is a scheme. The protocols used are actually called HTTP and TLS.

bytebytego team, i would like to thank you for your videos , really informative!

incredible video That helped me a lot Thanks

Does the client create a private key and share it with the server in the key exchange process?

Thank you very much!🙏👌

Excellent video! Very well explained.

This is excellent explanation.

Very nice visuals!

Thanks so much for this video.

Excellent explanation

Public keys were trapped sometimes and that's why no public keys travel. Mostly by NAT re-config. SSL means a set of algorithms accepted between with certificate means that the binary coded files used for decryption. Key means algorithm. Why public and private keys means that public used for encryption of the algorithm of choice and private is end to end algorithm transfer and use. About a thousand algorithm exchanges for a single transaction. So don't try.

very nice explanation. Thx

Wonderful video explaining the internal working of SSL TLS. This got me wondering that about what other questions related to HTTPS SSL TLS do web developers need to know the answers to to be able to do their jobs. I doubt they need the internals of how HTTPS SSL TLS work. Web developers just need to understand 1. Libraries that enable http requests and responses - client side and server side. 2. What are the steps in getting a certificate 3. what sort of attack are prevented through this kind of encryption 4. what are the libraries objects methods that enable https on both client side and server side 5. what are the steps relevant to setting up https tls and ssl on self hosted and cloud hosted servers

Very interesting need to know

Thanks man. Good lesson

Thank you. And how do you draw these magic architecture pictures?

Really good one! Thanks a lot!

1:03 Assymetric encryption alone can be proxied, at least in cases ECC and RSA. Where does the protocol prevent a man-in-the-middle attack ?

DH alone is prone to man-in-the middle attack. So the certification verification is vitally important which the video doesn't cover much. Basically the server send a signature which is some private-key encrypted digestion of server identity information. The client then verify the public key through chain-of-trust by layers of authorities that issue certifications (system root authority is trusted unconditionally unless your local system is messed up). Using the verified public key the client decrypt the signature and compare the result to the digest generated through the negotiated digest/hash algorithm. If everything checks out, the server identity is trusted because only the private key owner is able to generate that signature.

Great video, thanks.

I have a question. When this hand shake happens? It does for the first request and keep this connection stablished for the next calls or it does for every request? Im having difficult to imagine it if we have clusters, if the connection is kept alive.

How do you make those video animations ?

How does the client identify itself in the subsequent requests in the phase 4? Does the server need to keep in memory all the thousands of client specific session keys?

great video! thanks!!

Great video thank you!

Sir.... how does your channel NOT HAVE 20M SUBS???!?!?!?!

This is super clear! Thank you!

Very useful information

Great, just please add Certificate Verification as well

Question - so if we have private key. We can decrypt tcpdump file?

amazing explanation

Is not storing the session key on client side, e.g. browser, unsafe?

I have a question about TCP Connection while client surfing the web site. As I understood, when client connect to the web server as a first time, then the task, as the video explained, will be proceeded between client and server side. After once the client & the server release their connection, TCP Close, Is the client and the server have to re-proceed the progress? Or the client just can use the exist Asymmetric & Symmetric keys?

I never wanted to understand those trivial details until I came across developing my own softwares...these things should be taught coherently together, not separately...

Brilliant!👍

May I know which tool that you used for the Illustration or to make the presentation? It is simply impressive and easy to understand..

great video

clear and helpful👋

Thank you 😊

Great explanation , but please be loud next time

@bytebytego - recently i faced an issue while onboarding a Thanos sidecar (aws account) instance into my Thanos querier (different aws account). The logs showed that the Thanos endpoint cert is from LetsEncrypt and the ThanosQueries is from Route53. Due to it being LetsEncryt it does not recognize the cert authority. How tk fix this?