Every byte between a client and your server passes through routers you don't control. Without encryption, anyone on the path reads passwords, session tokens, the works. TLS encrypts it all — but also adds latency (the handshake) and cost (certificate management). Getting this right matters; getting it wrong is a CVE.
TLS + HTTP = HTTPS. In 2025 there is no reason to serve anything over plain HTTP. Let's Encrypt made certs free. Let's understand what's actually happening under the lock icon.
02
What TLS provides
Confidentiality — encrypted in transit.
Integrity — tampered bytes are detected. In TLS 1.3 this comes from the AEAD cipher's authentication tag (AES-GCM, ChaCha20-Poly1305); a separate HMAC is how the older TLS 1.2 cipher suites did it.
Authentication — you're actually talking to api.example.com, not a man-in-the-middle pretending to be it (via the certificate chain, plus a signature the server makes with the certificate's private key during the handshake).
Mutual TLS (mTLS) adds the reverse: the server verifies a client certificate too. Used heavily for service-to-service auth, typically inside a service mesh where the network itself is not trusted and a per-workload certificate replaces IP allowlists.
03
The TLS 1.3 handshake
One round-trip in TLS 1.3 (vs two in 1.2). Standard procedure for a new connection:
ClientHello — client sends supported cipher suites, a random number, the hostname it wants (SNI), and an ephemeral Diffie-Hellman public key (the key_share extension).
ServerHello — server picks a cipher suite and sends its own random and its ephemeral public key. Everything after that is already encrypted under handshake keys: the certificate chain, a CertificateVerify signature over the transcript made with the certificate's private key (this is what proves the server owns the cert), and a Finished MAC over the transcript.
Both sides derive a shared secret from the two ephemeral keys (Diffie-Hellman; X25519 or P-256 in practice) and run it through HKDF to get separate keys for each direction. Subsequent data is encrypted with AES-GCM or ChaCha20-Poly1305 under those keys. The ephemeral keys are thrown away afterwards, so a later compromise of the server's long-term key cannot decrypt recorded traffic (forward secrecy).
Total: one round-trip before the client can send its request. For a repeat visitor with session resumption, 0-RTT mode lets application data ride along with the very first flight (see the deep dive below for why that is dangerous).
TLS 1.3 Handshake (Mermaid diagram)
sequenceDiagram
participant C as Client
participant S as Server
C->>S: ClientHello - cipher suites - client random - SNI - DH public key
S->>C: ServerHello - chosen cipher - server random - DH public key
S->>C: {Certificate + CertificateVerify + Finished} (encrypted) - signed cert chain - signature over transcript - MAC over transcript
Note over C,S: Both derive shared secret via DH, then traffic keys via HKDF
C->>S: Finished (encrypted) + HTTP request
S-->>C: HTTP response (encrypted)
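The derivation the three steps above summarise, as an added example (not code from this page): an ephemeral Diffie-Hellman exchange, then the HKDF-Extract / HKDF-Expand-Label / Derive-Secret chain from RFC 8446 section 7.1 down to the AES-128-GCM key and IV and the Finished MAC, using only the Python standard library. Assumptions: the DH group is a deliberately tiny, insecure stand-in for X25519/P-256 so the script runs without a crypto library, and the transcript bytes are constructed placeholders rather than real serialised handshake messages. The HKDF code itself is the real construction; RFC 8448 has full traces to compare against if you feed it real inputs.

```python
"""TLS 1.3 key schedule on toy inputs (added example, not the page's code).

ASSUMPTION: the DH group is a deliberately tiny, insecure stand-in for
X25519/P-256; transcripts are constructed byte strings, not real messages.
The HKDF-Extract / HKDF-Expand-Label / Derive-Secret chain is RFC 8446 7.1.
"""
import hashlib
import hmac
import secrets

HASH = hashlib.sha256
HASH_LEN = 32                      # SHA-256 output, per TLS_AES_128_GCM_SHA256
P = (1 << 64) - 59                 # prime, but 64 bits is a toy: never use for real
G = 2


def dh_keypair():
    """Ephemeral (private, public) pair: fresh per connection, hence forward secrecy."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_shared(priv, peer_pub):
    """Both sides compute g^(ab) mod p; this is the (EC)DHE input to the key schedule."""
    return pow(peer_pub, priv, P).to_bytes(8, "big")


def hkdf_extract(salt, ikm):
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk, info, length):
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def hkdf_expand_label(secret, label, context, length):
    """HKDF-Expand-Label: info is the serialised HkdfLabel struct (RFC 8446 7.1)."""
    full_label = b"tls13 " + label.encode()
    info = (length.to_bytes(2, "big") + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)


def derive_secret(secret, label, transcript):
    """Derive-Secret binds each secret to the hash of the handshake seen so far."""
    return hkdf_expand_label(secret, label, HASH(transcript).digest(), HASH_LEN)


def key_schedule(shared_secret, hello_transcript, handshake_transcript, psk=None):
    """Per-direction handshake and application traffic secrets (zeros stand in for a PSK)."""
    zeros = bytes(HASH_LEN)
    early_secret = hkdf_extract(zeros, psk or zeros)
    handshake_secret = hkdf_extract(derive_secret(early_secret, "derived", b""), shared_secret)
    master_secret = hkdf_extract(derive_secret(handshake_secret, "derived", b""), zeros)
    return {
        "c_hs": derive_secret(handshake_secret, "c hs traffic", hello_transcript),
        "s_hs": derive_secret(handshake_secret, "s hs traffic", hello_transcript),
        "c_ap": derive_secret(master_secret, "c ap traffic", handshake_transcript),
        "s_ap": derive_secret(master_secret, "s ap traffic", handshake_transcript),
    }


def traffic_keys(secret, key_len=16, iv_len=12):
    """AEAD key and IV for one direction (AES-128-GCM sizes)."""
    return hkdf_expand_label(secret, "key", b"", key_len), hkdf_expand_label(secret, "iv", b"", iv_len)


def finished_mac(traffic_secret, transcript):
    """verify_data of a Finished message: HMAC(finished_key, Transcript-Hash)."""
    finished_key = hkdf_expand_label(traffic_secret, "finished", b"", HASH_LEN)
    return hmac.new(finished_key, HASH(transcript).digest(), HASH).digest()


def run_handshake():
    """One simulated connection: both ends must land on identical keys."""
    c_priv, c_pub = dh_keypair()                          # key_share in ClientHello
    s_priv, s_pub = dh_keypair()                          # key_share in ServerHello
    hellos = b"ClientHello" + c_pub.to_bytes(8, "big") + b"ServerHello" + s_pub.to_bytes(8, "big")
    through_cv = hellos + b"EncryptedExtensions|Certificate|CertificateVerify"   # constructed
    full = through_cv + b"ServerFinished"
    client = key_schedule(dh_shared(c_priv, s_pub), hellos, full)
    server = key_schedule(dh_shared(s_priv, c_pub), hellos, full)
    # Server MACs the transcript under its handshake secret; client recomputes and compares.
    sent = finished_mac(server["s_hs"], through_cv)
    expected = finished_mac(client["s_hs"], through_cv)
    return {
        "keys_match": client == server,
        "finished_ok": hmac.compare_digest(sent, expected),
        "client_app": traffic_keys(client["c_ap"]),
        "server_app": traffic_keys(client["s_ap"]),
    }


if __name__ == "__main__":
    result = run_handshake()
    print("keys match:", result["keys_match"], "| Finished verifies:", result["finished_ok"])
    print("client->server key:", result["client_app"][0].hex(), "iv:", result["client_app"][1].hex())
```

Two things worth noticing when you run it: the client-to-server and server-to-client keys differ even though both sides hold the same secrets (the label is part of the HKDF info), and every derived value is bound to the transcript hash, which is why an attacker who alters a ClientHello in flight ends up with a Finished MAC that fails to verify.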
04
Certificate chain
Your server presents a certificate signed by an intermediate CA, which is signed by a root CA. Browsers ship with the root CAs' public keys baked in; the chain verifies up to that trust anchor.
When your cert is about to expire, your deploy has to refresh it. Let's Encrypt issues 90-day certs; the ACME protocol (RFC 8555) automates renewal through clients like certbot. Always automate renewal, and monitor expiry independently of the renewal job: manual means you'll forget once, and a broken cron job fails silently until the cert lapses. Either way the outage is a 2am incident.
SNI (Server Name Indication): since many sites share one IP, the client sends the hostname in the ClientHello so the server knows which cert to present. Before SNI, you needed one IP per cert; today, Cloudflare serves millions of sites from a shared pool of IPs. The caveat: the SNI hostname is sent in the clear, so anyone on the path sees which site you are visiting even though the rest is encrypted. Encrypted Client Hello (ECH) is the in-progress fix.
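A minimal expiry monitor for the renewal point above, as an added example (not the page's code): it connects with SNI, takes the leaf certificate the server presented for that hostname, and reports days until notAfter plus whether the name you asked for is actually on the cert. The assessment logic is split from the network call so it runs offline; SAMPLE_CERT, SAMPLE_NOW and the 14-day threshold are constructed assumptions, not captured from a real host.

```python
"""Certificate expiry / SNI check (added example, not the page's code).

Standard library only. SAMPLE_CERT and SAMPLE_NOW are constructed values so the
assessment logic runs without a network; pass a hostname on the command line
to check a real server.
"""
import socket
import ssl
import sys
import time

WARN_DAYS = 14   # assumption: alert when less than two weeks remain (LE renews at 30)


def days_remaining(cert, now=None):
    """Days until the notAfter date of a getpeercert()-style dict."""
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return (expires - (time.time() if now is None else now)) / 86400


def names_on_cert(cert):
    """DNS names in subjectAltName, which is what hostname validation actually uses."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def name_matches(hostname, names):
    """Exact SAN match, or a wildcard covering exactly one leftmost label."""
    if hostname in names:
        return True
    parent = hostname.split(".", 1)[1:]          # ["example.com"] for api.example.com
    return any(n.startswith("*.") and parent == [n[2:]] for n in names)


def assess(cert, hostname, now=None):
    """Flag imminent expiry and a mismatch between the SNI name and the cert."""
    left = days_remaining(cert, now)
    return {
        "days_left": left,
        "expiring": left < WARN_DAYS,
        "name_matches": name_matches(hostname, names_on_cert(cert)),
    }


def fetch_cert(hostname, port=443, timeout=5.0):
    """TLS connect with SNI (server_hostname) and default chain validation."""
    ctx = ssl.create_default_context()           # validates against the system root store
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()             # {} only if validation were disabled


# Constructed sample, not a real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "api.example.com"),),),
    "issuer": ((("commonName", "Example Intermediate CA"),),),
    "notBefore": "Mar  1 00:00:00 2030 GMT",
    "notAfter": "May 30 00:00:00 2030 GMT",
    "subjectAltName": (("DNS", "api.example.com"), ("DNS", "*.internal.example.com")),
}
SAMPLE_NOW = ssl.cert_time_to_seconds("May 20 00:00:00 2030 GMT")   # constructed clock


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "api.example.com"
    cert = fetch_cert(host) if len(sys.argv) > 1 else SAMPLE_CERT
    print(host, assess(cert, host, None if len(sys.argv) > 1 else SAMPLE_NOW))
```

Run it from the same cron host that does the renewal, but as a separate job with its own alert: the failure mode you are guarding against is the renewal job itself breaking. The wildcard rule is deliberately strict (one label only), which is how browsers treat it too.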
05
Where TLS terminates
At the edge / load balancer
Terminate at the LB; plain HTTP internally
The LB or CDN handles TLS. Internal traffic is plain HTTP over a private network. Simpler and cheaper on CPU. The LB has to see plaintext to do header- or path-based routing anyway. The caveat: "private network" has to actually mean it. Anyone with a foothold on that segment (a compromised container, a misconfigured VPC peering, an over-broad security group) reads every request in the clear, and backend services have no cryptographic way to know the hop in front of them really was the LB.
End-to-end TLS
Encrypted all the way to the app
TLS terminates at the app or at each service. Required in zero-trust architectures, where the network is assumed hostile. Adds CPU cost and means the LB cannot read the request, so L7 features such as path-based routing need the LB to terminate and then re-encrypt to the backend (often called re-origination or TLS bridging); that is how most cloud load balancers deliver "end-to-end" in practice, and it is only as strong as the backend certificate validation you configure on the second hop.
06
Deep dive — 0-RTT and the replay risk
TLS 1.3's 0-RTT mode lets a returning client send application data in the first packet, using a pre-shared key from a previous session. The handshake takes zero round-trips. Amazing for mobile networks with 200ms+ RTT.
The trap: 0-RTT data is replayable. An attacker who recorded the client's first flight can resend it, and the server cannot reliably tell a fresh request from a replay. RFC 8446 section 8 describes single-use tickets and ClientHello recording as anti-replay measures, but neither holds up across a load-balanced fleet without shared state. For idempotent GETs, usually harmless. For a POST that charges a card, catastrophic: the charge happens twice.
Mitigation: restrict 0-RTT to safe methods (GET, HEAD) at the LB. Concretely, nginx has ssl_early_data and exposes the $ssl_early_data variable so you can forward an Early-Data: 1 header (RFC 8470) and let the app answer 425 Too Early for anything unsafe; HAProxy has the allow-0rtt bind option plus http-request wait-for-handshake to hold unsafe methods until the handshake completes. Check what your own stack supports rather than assuming a flag exists. Use 0-RTT for static content and cacheable GETs, fall back to 1-RTT for mutations, and remember that a GET with side effects is just as replayable as a POST.
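The application side of that mitigation, as an added example (not the page's or any framework's code): a WSGI middleware that answers 425 Too Early when an unsafe method arrives in 0-RTT data. It assumes the proxy in front forwards RFC 8470's Early-Data: 1 header on early-data requests (nginx does this with "proxy_set_header Early-Data $ssl_early_data;" once ssl_early_data is on); the charge_card app and the requests in send() are constructed stand-ins.

```python
"""Early-data guard for an app behind a 0-RTT-enabled proxy (added example).

ASSUMPTION: the proxy sets `Early-Data: 1` (RFC 8470) on requests that arrived
as TLS 1.3 0-RTT data and the handshake has not yet completed. WSGI exposes
that header as environ["HTTP_EARLY_DATA"]. Not the page's or any framework's code.
"""
from wsgiref.util import setup_testing_defaults

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}   # RFC 9110 safe methods: must not change state


def early_data_guard(app):
    """WSGI middleware: refuse non-idempotent requests that arrived as replayable 0-RTT data."""
    def guarded(environ, start_response):
        early = environ.get("HTTP_EARLY_DATA") == "1"
        if early and environ["REQUEST_METHOD"] not in SAFE_METHODS:
            # 425 tells the client to resend the same request after the handshake finishes;
            # the retry is then bound to a fresh handshake and cannot be replayed.
            body = b"early data not accepted for this method; retry after handshake\n"
            start_response("425 Too Early", [
                ("Content-Type", "text/plain"),
                ("Content-Length", str(len(body))),
            ])
            return [body]
        return app(environ, start_response)
    return guarded


def charge_card(environ, start_response):
    """Constructed stand-in application: a POST here moves money, so it must never run on a replay."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"charged\n"]


def send(app, method, early=False, path="/charge"):
    """Drive a WSGI app with a constructed request; returns (status line, body)."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path}
    if early:
        environ["HTTP_EARLY_DATA"] = "1"        # what the proxy adds for 0-RTT requests
    setup_testing_defaults(environ)             # fills the rest of the WSGI environ
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    body = b"".join(app(environ, start_response))
    return captured["status"], body


if __name__ == "__main__":
    app = early_data_guard(charge_card)
    for method, early in (("POST", True), ("POST", False), ("GET", True)):
        status, body = send(app, method, early)
        print(f"{method} early={early}: {status} {body.strip().decode()}")
```

The guard has to sit in front of everything that mutates state, not just the payment route; the proxy-side restriction to GET/HEAD is the first line and this is the backstop for the case where the proxy config regresses. Clients that understand 425 (browsers and modern HTTP libraries) retry automatically once the handshake has completed.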
07
Real-world
Let's Encrypt
Free certs + ACME automation
Revolutionized cert management. Default for most startups and indie projects. 90-day certs, auto-renewed.
Cloudflare
Terminates TLS at 300 PoPs
Universal SSL is free. Cloudflare speaks HTTPS to the world; whether it also speaks HTTPS to your origin depends on the zone's encryption mode. Set it to Full (strict) so the CDN-to-origin hop is encrypted and the origin certificate is validated. Flexible mode still shows visitors a padlock while that hop runs over plain HTTP.
mTLS in service mesh
Istio, Linkerd
Inside Kubernetes: the proxy attached to every pod holds a short-lived workload certificate issued by the mesh CA, and every service call is mTLS. Zero-trust networking without app changes, though encryption alone is not authorization: the app (or a mesh policy) still has to check which identity is calling.
AWS ACM
Managed certs for AWS services
Issues and auto-renews certs for ALB, CloudFront, API Gateway. No manual rotation.
08
Used in problems
Payment gateway: end-to-end TLS, because PCI DSS requires strong cryptography for cardholder data in transit and an auditor will ask where the plaintext hop is. WhatsApp: an encrypted client-server transport (its whitepaper describes Noise Pipes rather than TLS for that layer) with the Signal Protocol on top for end-to-end encryption; the two layers solve different problems, since the transport layer protects against the network while the end-to-end layer protects against the server. Every public-facing API problem uses TLS by default.