in TLs 1.2 or previous, the encryption was Assymetric, followed by symetric. How is it happening in 1.3?
@devcentral6 жыл бұрын
Great question Adarsh! As you noted, the encryption in TLS 1.2 and earlier is asymmetric (for sharing keys) followed by symmetric (for bulk encryption). In TLS 1.3 the same thing happens. The keys are shared via asymmetric encryption (in fact, it's mandatory in TLS 1.3 that the client and server use Perfect Forward Secret ciphers for key exchange) but then the bulk encryption is done using symmetric encryption. I hope this helps!
@lemandemirova6975 жыл бұрын
▶️
@nitishemmanuel31835 жыл бұрын
A packet capture of the handshake showed also be shown and/or made available to be downloaded.
@mrRDX0015 жыл бұрын
I have a small doubt, prior to 1.3 the client used to generate the Pre Master Key and encrypt it with servers public key, as per your demonstration Client is sending Key share before even getting the Public key, does it mean that client already gets the public key from the repository and encrypts it and send ? Thank you in advance :)
@devcentral5 жыл бұрын
Hi Jubair...great question! Prior to TLS 1.3, the client and server could use the RSA algorithm to exchange keys. In RSA, the client uses the server's public key to encrypt the pre-master secret as you mentioned. However, in TLS 1.3, RSA is not allowed to be used for key exchange. In TLS 1.3, the Diffie Hellman key exchange is used to exchange keys. The Diffie Hellman key exchange requires that both the client and server generate their own random integer values and then send other calculated values to each other that are based on their own secret values. So, the "key share" referenced here is the client's calculated value that it sends to the server. It can send this without ever receiving anything from the server. Here's a video I did on the Diffie Hellman key exchange: kzbin.info/www/bejne/ppKXoKall5aLhc0 And, here's one on Perfect Forward Secrecy: kzbin.info/www/bejne/f5ywZIVjgKmoapY I hope this helps!
@mrRDX0015 жыл бұрын
@@devcentral Wow, thank you very much for the reply, I am new to F5 and learning, let me know if there are documents I can get to be a skilled F5 admin, thanks a ton again 😊
@muhammadsiddiqui95222 жыл бұрын
But TLS 1.2 could also use ECDH for key exchange, so ?
@muratzhumagali46044 жыл бұрын
I seen Diffie Hellman been used with RSA for assymetric part in tls 1.2. If it's not the case in 1.3, then there might be successful man in the middle attack?
@abhaypratap53116 жыл бұрын
sir what about version negotiation happen between client TLS and server TLS i mean if client has new version like 1.2 and server has 1.3 or vice versa then connection established or not? please make a shot video on that.
@devcentral6 жыл бұрын
ultimately, the server gets to make the final call on the cipher suite, version, etc. the server (and/or client) can be configured to use multiple versions of TLS (1.1, 1.2, 1.3). If, for example, the client is trying to talk via TLS 1.3 and the server can only talk TLS 1.2, then the client (if configured) would back down to TLS 1.2 and the connection would be established using TLS 1.2. If the client was only configured to talk TLS 1.3 and the server was only configured to talk TLS 1.2 (or vice versa), then the connection would terminate because they couldn't both find a version that they are both configured to talk with. Hope this helps!
@nibmz74 жыл бұрын
Hi. So in TLS 1.3, does it mean the server's public key no longer plays a role in the whole encryption process?
@vinaygudi20893 жыл бұрын
i think he meant public key when he said certificate from server
@devcentral3 жыл бұрын
Hi Nur...great question! The server's public key (which is included in the larger certificate) is still used for authentication purposes...typically using RSA for authentication. But, TLS 1.3 uses only Perfect Forward Secret ciphers for key exchange...so the key exchange algorithms are all Diffie Hellman. Diffie Hellman doesn't use the server's public/private keys for key exchange. So, the server's keys are still used for authenticating the server to the browser (i.e. is this the correct server to be connecting), but the server's keys are not used for key exchange with TLS 1.3. I hope this helps!
@dhanushshetty78402 жыл бұрын
@@devcentral how does this prevent man in the middle attack?
@alekkras34874 жыл бұрын
Great video, very clear! A suggestion for the future, what do you guys think about creating a nice infographic with high resolution for the future to use in explanations?
@JasserHussain6 жыл бұрын
What is the keyshare ypu are talking about? Please explain it in detail....
@devcentral6 жыл бұрын
Hi...great question! The idea with keyshare is that the Client and Server both have to provide information to one another in order to calculate the symmetric key that will be used for bulk encryption. The TLS handshake is the process that (among other things) shares the information between Client and Server so that they can each independently calculate the symmetric key used for the bulk encryption. During this process, each of the Client and Server contributes their "share" of information needed to ultimately generate the symmetric key. As for the exact information needed from each side, it depends on the exact cipher suite choses for key exchange and bulk encryption. For example, if a Diffie-Hellman key exchange is chosen, each side will need to contribute their portion of the Diffie-Hellman calculations so that they can independently calculate the shared key for bulk encryption. They can't calculate the shared symmetric key until they have the key exchange information from the other party (Client/Server). In TLS 1.3, the handshake process speeds up significantly because the Client preemptively guesses the cipher suite that the Server will choose. The server still has the final say on which cipher suite is chosen, but many times the Client can guess the correct cipher suite before the Server confirms the chosen suite. Because of this, the Client can go ahead and send what would be the key exchange information for the chosen cipher suite when it initially sends the "Hello". Then, the Server can calculate the shared symmetric key and go ahead and start encrypting data very early in the handshake process. I hope this helps!
@mahathidevulapalli86734 жыл бұрын
Thanks for explaining it
@devcentral4 жыл бұрын
glad you enjoyed it!
@neadlead26212 жыл бұрын
very clear thank you
@devcentral2 жыл бұрын
Glad you liked it and thanks for the comment!
@business54810 ай бұрын
Amazing work.
@jimmy_dee6 жыл бұрын
Great video. Well explained.
@devcentral6 жыл бұрын
glad you enjoyed it!
@mountainslopes3 жыл бұрын
Excellent videos!
@devcentral3 жыл бұрын
Glad you enjoyed it!
@danish61926 ай бұрын
1. the tcp handshake still occurs 2. certificate verification also happens
@TheZiZaZo6 жыл бұрын
Thank you, great explanation!
@devcentral6 жыл бұрын
glad you enjoyed it!
@TheZiZaZo6 жыл бұрын
Would you say Diffie-Hellman is the most common key exchange algorithm used for TLS 1.3 connections?
@devcentral6 жыл бұрын
yes, definitely. in fact, it's extremely common among TLS 1.2 connections as well. thanks!
@thoughtslibrary5 жыл бұрын
where person is writing ? is this on a glass? how is this annotation works can anyone explain it to me?
@adithyavaishnav40815 жыл бұрын
kzbin.info/www/bejne/rX_RpIhnmp2opa8
@thoughtslibrary5 жыл бұрын
@@adithyavaishnav4081 thanks man
@gauravsaini54016 жыл бұрын
Well explained
@devcentral6 жыл бұрын
glad you enjoyed it!
@davidadamson15885 жыл бұрын
How does he write mirrored so perfect? 😳
@joechieftain5 жыл бұрын
kzbin.info/www/bejne/i2iokH9qrKiDisU
@dota2tournamentss Жыл бұрын
the trick is he write normally but in post production they mirror the image so from our perspective text is normal
@leogenius8124 жыл бұрын
amazing the way he writes backwards the entire video
@devcentral4 жыл бұрын
you can see how we create these here! kzbin.info/www/bejne/i2iokH9qrKiDisU
@RS250Squid3 жыл бұрын
At the start of the video: "Now I'm gonna learn more about TLS". A few seconds later "But first I'm gonna learn how he writes backwards!"
@techevangelist8373 Жыл бұрын
90% stuff not needed/related....Cummon...Get into the details of 1.3..This I felt like scratching the surface.Remember sitting in an interview and talking like this..I dont think even F5 will hire you if you talk exactly the guy in the video explained...This is so useless stuff I felt like...