Back to Technology

Complete Protocols Master Part 17: Security Protocols

January 31, 2026 Wasil Zafar 45 min read

Deep-dive into TLS 1.3, X.509 certificates, PKI infrastructure, and the cryptographic protocols that secure internet communication.

Table of Contents

  1. Introduction
  2. TLS Protocol
  3. X.509 Certificates
  4. PKI Infrastructure
  5. Cipher Suites
  6. Certificate Validation
  7. Summary

Introduction: The Cryptographic Web

Every time you see the padlock in your browser, TLS is at work. It's the foundation of web security—encrypting data, verifying server identity, and ensuring integrity of communication.

Series Context: This is Part 17 of 20 in the Complete Protocols Master series. TLS operates at the Presentation/Session layers, securing Application Layer protocols like HTTP, SMTP, and IMAP.

Protocol Mastery

Your 20-step learning path • Currently on Step 17
1
Part 1: OSI Model & Protocol Foundations
Network layers, encapsulation, TCP/IP model
2
Physical & Data Link Layers
Ethernet, Wi-Fi, VLANs, MAC addressing
3
Network Layer & IP
IPv4, IPv6, ICMP, routing protocols
4
Transport Layer
TCP, UDP, QUIC, ports, sockets
5
Session & Presentation Layers
TLS handshake, encryption, serialization
6
Web Protocols
HTTP/1.1, HTTP/2, HTTP/3, WebSockets
7
API Protocols
REST, GraphQL, gRPC, SOAP
8
DNS Deep Dive
DNS hierarchy, records, DNSSEC
9
Email Protocols
SMTP, IMAP, POP3, SPF/DKIM/DMARC
10
File Transfer Protocols
FTP, SFTP, SCP, rsync
11
Real-Time Protocols
WebRTC, SIP, RTP, VoIP
12
Streaming Protocols
HLS, DASH, RTMP, media delivery
13
IoT Protocols
MQTT, CoAP, Zigbee, LoRaWAN
14
VPN & Tunneling
IPsec, OpenVPN, WireGuard
15
Authentication Protocols
OAuth, SAML, OIDC, Kerberos
16
Network Management
SNMP, NetFlow, Syslog
17
Security Protocols
TLS/SSL, certificates, PKI
You Are Here
18
Cloud Provider Protocols
AWS, Azure, GCP APIs
19
Emerging Protocols
QUIC, HTTP/3, WebTransport
20
Web Security Standards
CORS, CSP, HSTS, SRI
Security Goals

What TLS Provides

TLS Security Properties:

1. CONFIDENTIALITY
   • Data encrypted in transit
   • Only sender/receiver can read
   • Symmetric encryption (AES, ChaCha20)

2. INTEGRITY
   • Data not modified in transit
   • Detects tampering
   • MAC or AEAD

3. AUTHENTICATION
   • Server proves identity (always)
   • Client proves identity (optional)
   • X.509 certificates

What TLS Does NOT Provide:
• Privacy (metadata visible: IPs, timing)
• Protection at rest (only in-transit)
• Protection against compromised endpoints
History

SSL/TLS Evolution

VersionYearStatusNotes
SSL 2.01995❌ InsecureBroken
SSL 3.01996❌ InsecurePOODLE attack
TLS 1.01999❌ DeprecatedBEAST vulnerable
TLS 1.12006❌ DeprecatedWeak ciphers
TLS 1.22008✅ AcceptableStill widely used
TLS 1.32018✅ RecommendedModern, faster

TLS Protocol Deep-Dive

TLS 1.3 is a major improvement over 1.2—faster handshake (1-RTT), removed obsolete algorithms, and mandatory forward secrecy. Let's understand both.

Side-by-side sequence diagram comparing TLS 1.2 two-round-trip handshake with TLS 1.3 single-round-trip handshake
TLS 1.2 (2-RTT) vs TLS 1.3 (1-RTT) handshake comparison — TLS 1.3 combines key exchange with the first message, halving connection setup time
TLS 1.2

TLS 1.2 Handshake

TLS 1.2 Full Handshake (2-RTT):

Client                                 Server
   |                                      |
   |--- ClientHello ----------------->    |
   |    (version, random, cipher suites,  |
   |     extensions)                      |
   |                                      |
   |<-- ServerHello -------------------|  |
   |<-- Certificate -------------------|  |
   |<-- ServerKeyExchange -------------|  |
   |<-- ServerHelloDone ---------------|  |
   |                                      |
   |--- ClientKeyExchange ------------>   |
   |--- ChangeCipherSpec ------------->   |
   |--- Finished (encrypted) --------->   |
   |                                      |
   |<-- ChangeCipherSpec --------------|  |
   |<-- Finished (encrypted) ----------|  |
   |                                      |
   [Application Data flows encrypted]

2 Round Trips before app data!
TLS 1.3

TLS 1.3 Handshake (1-RTT)

TLS 1.3 Handshake (1-RTT):

Client                                 Server
   |                                      |
   |--- ClientHello ----------------->    |
   |    (supported versions, key_share,   |
   |     cipher suites)                   |
   |                                      |
   |<-- ServerHello -------------------|  |
   |<-- EncryptedExtensions -----------|  |
   |<-- Certificate -------------------|  |
   |<-- CertificateVerify -------------|  |
   |<-- Finished ----------------------|  |
   |                                      |
   |--- Finished ---------------------->  |
   |                                      |
   [Application Data flows encrypted]

Only 1 Round Trip!

TLS 1.3 also supports 0-RTT:
• Resumed connections send data immediately
• Trade-off: Replay attack possible

# Inspect TLS connection with OpenSSL

# Connect and show certificate
openssl s_client -connect example.com:443 -showcerts

# Check TLS version and cipher
openssl s_client -connect example.com:443 2>/dev/null | \
  grep -E "Protocol|Cipher"
# Protocol  : TLSv1.3
# Cipher    : TLS_AES_256_GCM_SHA384

# Force specific TLS version
openssl s_client -connect example.com:443 -tls1_2
openssl s_client -connect example.com:443 -tls1_3

# Show certificate details
echo | openssl s_client -connect example.com:443 2>/dev/null | \
  openssl x509 -noout -text

# Check certificate expiration
echo | openssl s_client -connect example.com:443 2>/dev/null | \
  openssl x509 -noout -dates

# TLS connection inspection with Python

import ssl
import socket
from datetime import datetime

def inspect_tls(hostname, port=443):
    """Inspect TLS connection details"""
    
    context = ssl.create_default_context()
    
    with socket.create_connection((hostname, port)) as sock:
        with context.wrap_socket(sock, server_hostname=hostname) as tls_sock:
            
            print(f"TLS Connection to {hostname}")
            print("=" * 50)
            
            # Protocol version
            print(f"Protocol: {tls_sock.version()}")
            
            # Cipher suite
            cipher = tls_sock.cipher()
            print(f"Cipher: {cipher[0]}")
            print(f"Bits: {cipher[2]}")
            
            # Certificate
            cert = tls_sock.getpeercert()
            
            print(f"\nCertificate:")
            print(f"  Subject: {dict(x[0] for x in cert['subject'])}")
            print(f"  Issuer: {dict(x[0] for x in cert['issuer'])}")
            
            # Validity
            not_after = cert['notAfter']
            expiry = datetime.strptime(not_after, '%b %d %H:%M:%S %Y %Z')
            days_left = (expiry - datetime.now()).days
            print(f"  Expires: {not_after} ({days_left} days)")
            
            # SANs
            if 'subjectAltName' in cert:
                sans = [x[1] for x in cert['subjectAltName']]
                print(f"  SANs: {', '.join(sans[:3])}...")

# Example
# inspect_tls('google.com')

print("""
TLS 1.3 Improvements:
• 1-RTT handshake (was 2-RTT)
• 0-RTT resumption (with replay risk)
• Forward secrecy mandatory
• Removed RSA key exchange
• Removed weak ciphers (RC4, 3DES)
• Simplified cipher suite naming
""")

X.509 Certificates

X.509 certificates are digital documents that bind a public key to an identity. They're the foundation of internet trust—your browser trusts thousands of root CAs.

Annotated diagram of an X.509 certificate showing fields including version, serial number, issuer, validity period, subject, public key, and extensions
Anatomy of an X.509 certificate — key fields include the issuer (who signed it), subject (who it identifies), validity period, public key, and v3 extensions like SAN
Structure

Certificate Anatomy

X.509 Certificate Structure:

Certificate:
    Version: 3 (0x2)
    Serial Number: unique identifier
    
    Signature Algorithm: sha256WithRSAEncryption
    
    Issuer: CN=DigiCert Global Root CA, O=DigiCert Inc
    
    Validity:
        Not Before: Jan 1 00:00:00 2020 GMT
        Not After : Dec 31 23:59:59 2025 GMT
    
    Subject: CN=example.com, O=Example Inc
    
    Subject Public Key Info:
        Public Key Algorithm: rsaEncryption
        RSA Public Key: (2048 bit)
    
    X509v3 Extensions:
        Basic Constraints: CA:FALSE
        Key Usage: Digital Signature, Key Encipherment
        Extended Key Usage: TLS Web Server Authentication
        Subject Alternative Name:
            DNS:example.com
            DNS:www.example.com
        Authority Key Identifier: ...
        Certificate Policies: ...
        CRL Distribution Points: ...
        Authority Information Access:
            OCSP - URI:http://ocsp.digicert.com
            CA Issuers - URI:http://...
    
Signature Algorithm: sha256WithRSAEncryption
Signature: (binary signature)

# Certificate operations with OpenSSL

# Generate private key
openssl genrsa -out server.key 2048

# Generate CSR (Certificate Signing Request)
openssl req -new -key server.key -out server.csr \
  -subj "/CN=example.com/O=Example Inc/C=US"

# Self-signed certificate (for testing)
openssl x509 -req -days 365 -in server.csr \
  -signkey server.key -out server.crt

# View certificate
openssl x509 -in server.crt -noout -text

# Verify certificate chain
openssl verify -CAfile ca-bundle.crt server.crt

# Check certificate matches key
openssl x509 -noout -modulus -in server.crt | md5sum
openssl rsa -noout -modulus -in server.key | md5sum
# Should match!

# Convert formats
openssl pkcs12 -export -in server.crt -inkey server.key -out server.pfx
openssl pkcs12 -in server.pfx -out server.pem -nodes

# Certificate analysis with Python

from cryptography import x509
from cryptography.hazmat.backends import default_backend
import ssl
import socket

def analyze_certificate(hostname):
    """Analyze server certificate"""
    
    # Get certificate
    context = ssl.create_default_context()
    with socket.create_connection((hostname, 443)) as sock:
        with context.wrap_socket(sock, server_hostname=hostname) as tls:
            der_cert = tls.getpeercert(binary_form=True)
    
    # Parse certificate
    cert = x509.load_der_x509_certificate(der_cert, default_backend())
    
    print(f"Certificate Analysis: {hostname}")
    print("=" * 50)
    
    # Subject
    print(f"Subject: {cert.subject.rfc4514_string()}")
    print(f"Issuer: {cert.issuer.rfc4514_string()}")
    
    # Validity
    print(f"Valid From: {cert.not_valid_before}")
    print(f"Valid Until: {cert.not_valid_after}")
    
    # Key info
    pub_key = cert.public_key()
    print(f"Key Type: {type(pub_key).__name__}")
    print(f"Key Size: {pub_key.key_size} bits")
    
    # SANs
    try:
        san = cert.extensions.get_extension_for_class(
            x509.SubjectAlternativeName)
        names = san.value.get_values_for_type(x509.DNSName)
        print(f"SANs: {names}")
    except x509.ExtensionNotFound:
        print("SANs: None")
    
    # Signature algorithm
    print(f"Signature: {cert.signature_algorithm_oid._name}")

# Example
# analyze_certificate('google.com')

PKI Infrastructure

PKI (Public Key Infrastructure) is the trust hierarchy that makes certificates work. Root CAs are trusted by browsers, and they sign intermediate CAs, which sign end-entity certificates.

Hierarchical tree diagram showing the PKI chain of trust from root CA to intermediate CAs to end-entity server certificates
PKI certificate chain of trust — root CAs (stored in browsers) sign intermediate CAs, which sign end-entity certificates presented by servers
Chain of Trust: Your browser trusts ~150 root CAs. Each root can sign intermediates, which sign server certificates. If ANY CA is compromised, the whole system fails.
Trust Chain

Certificate Chain

Certificate Trust Chain:

Root CA Certificate (self-signed)
  └── Trusted by browsers/OS
  └── Stored offline, rarely used
        |
        ↓ signs
Intermediate CA Certificate
  └── Signs end-entity certificates
  └── Limits blast radius if compromised
        |
        ↓ signs
End-Entity Certificate (your server)
  └── Presented to clients
  └── Valid for specific domain(s)

Example Chain:
1. DigiCert Global Root CA (in browser trust store)
2. DigiCert SHA2 Extended Validation Server CA
3. www.example.com

Server sends: #3 + #2 (leaf + intermediates)
Browser has: #1 (root, pre-trusted)

# View certificate chain

# Show full chain
openssl s_client -connect example.com:443 -showcerts 2>/dev/null | \
  grep -E "s:|i:" | head -10

# Chain depth
# 0 s: CN=www.example.com (leaf)
#   i: CN=DigiCert SHA2 Extended Validation Server CA (intermediate)
# 1 s: CN=DigiCert SHA2 Extended Validation Server CA
#   i: CN=DigiCert High Assurance EV Root CA (root)

# Verify chain
openssl verify -CAfile root.crt -untrusted intermediate.crt server.crt
Types

Certificate Types

TypeValidationIndicatorUse Case
DVDomain onlyPadlockPersonal sites
OVOrganization verifiedPadlockBusiness sites
EVExtended validationPadlock (was green bar)E-commerce, banks
Wildcard*.domain.comPadlockMultiple subdomains
Multi-domainSAN listPadlockMultiple domains

Cipher Suites

A cipher suite defines the algorithms used for key exchange, authentication, encryption, and integrity. TLS 1.3 simplified this significantly.

Breakdown diagram of a TLS 1.2 cipher suite string showing key exchange, authentication, encryption, and hash components
TLS cipher suite component breakdown — TLS 1.2 specifies four algorithm choices (key exchange, auth, encryption, hash), while TLS 1.3 simplifies to just encryption and hash
TLS 1.2

TLS 1.2 Cipher Suite Format

TLS 1.2 Cipher Suite:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Breakdown:
TLS_          Protocol
ECDHE_        Key Exchange (Elliptic Curve Diffie-Hellman Ephemeral)
RSA_          Authentication (RSA signature)
WITH_
AES_256_      Encryption (AES 256-bit)
GCM_          Mode (Galois/Counter Mode - AEAD)
SHA384        Hash for PRF (Pseudo-Random Function)

Key Exchange Options:
• RSA: Server's RSA key (NO forward secrecy!)
• DHE: Diffie-Hellman Ephemeral
• ECDHE: Elliptic Curve DHE (preferred)

Authentication:
• RSA: RSA signature
• ECDSA: Elliptic Curve Digital Signature

Encryption:
• AES-GCM: Modern, fast (AEAD)
• AES-CBC: Older, needs separate MAC
• ChaCha20-Poly1305: Mobile-friendly
TLS 1.3

TLS 1.3 Cipher Suites (Simplified)

TLS 1.3 Cipher Suites:

Only 5 cipher suites:
• TLS_AES_256_GCM_SHA384
• TLS_AES_128_GCM_SHA256
• TLS_CHACHA20_POLY1305_SHA256
• TLS_AES_128_CCM_SHA256
• TLS_AES_128_CCM_8_SHA256

Why simpler?
• Key exchange ALWAYS ephemeral (forward secrecy)
• Authentication separate (in certificate)
• Only AEAD ciphers allowed

TLS 1.3 removes:
• RSA key exchange (no forward secrecy)
• Static DH
• CBC mode ciphers
• RC4, 3DES, MD5, SHA-1

# Check server cipher suites

# List supported ciphers
nmap --script ssl-enum-ciphers -p 443 example.com

# Test specific cipher
openssl s_client -connect example.com:443 \
  -cipher 'ECDHE-RSA-AES256-GCM-SHA384'

# Modern cipher configuration (nginx)
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;

# Mozilla SSL Configuration Generator
# https://ssl-config.mozilla.org/

Certificate Validation

When your browser receives a certificate, it performs multiple checks: chain validation, expiration, revocation, and domain matching.

Flowchart showing the six certificate validation steps: chain validation, validity period check, revocation check, name matching, key usage, and policy check
Certificate validation flowchart — browsers perform six sequential checks including chain verification, expiration, OCSP/CRL revocation, hostname matching, key usage, and CT policy
Validation

Certificate Validation Steps

Certificate Validation Checks:

1. CHAIN VALIDATION
   • Build path to trusted root
   • Verify each signature
   • Check BasicConstraints (CA:TRUE for intermediates)

2. VALIDITY PERIOD
   • notBefore < now < notAfter
   • Alert if expired or not yet valid

3. REVOCATION CHECK
   • CRL (Certificate Revocation List)
   • OCSP (Online Certificate Status Protocol)
   • OCSP Stapling (server provides status)

4. NAME MATCHING
   • CN or SAN must match hostname
   • Wildcard matching rules (*.example.com)

5. KEY USAGE
   • digitalSignature for TLS server auth
   • Extended Key Usage: serverAuth

6. POLICY CHECK
   • Certificate Transparency logs
   • CAA DNS records

# Certificate revocation checks

# Check OCSP
openssl ocsp -issuer intermediate.crt -cert server.crt \
  -url http://ocsp.digicert.com -resp_text

# Check CRL
openssl crl -in crl.pem -text -noout

# OCSP stapling test
openssl s_client -connect example.com:443 -status 2>/dev/null | \
  grep -A 17 "OCSP Response"

# Certificate Transparency lookup
# https://crt.sh/?q=example.com

# Certificate validation in Python

import ssl
import socket
from datetime import datetime

def validate_certificate(hostname):
    """Validate server certificate"""
    
    print(f"Validating certificate for {hostname}")
    print("=" * 50)
    
    # Create context with validation
    context = ssl.create_default_context()
    # context.check_hostname = True (default)
    # context.verify_mode = ssl.CERT_REQUIRED (default)
    
    try:
        with socket.create_connection((hostname, 443)) as sock:
            with context.wrap_socket(sock, server_hostname=hostname) as tls:
                cert = tls.getpeercert()
                
                print("✅ Chain valid (trusted by system CA store)")
                print("✅ Hostname matches")
                
                # Check expiration
                not_after = cert['notAfter']
                expiry = datetime.strptime(not_after, '%b %d %H:%M:%S %Y %Z')
                days_left = (expiry - datetime.now()).days
                
                if days_left > 0:
                    print(f"✅ Not expired ({days_left} days remaining)")
                else:
                    print(f"❌ EXPIRED!")
                
                return True
                
    except ssl.SSLCertVerificationError as e:
        print(f"❌ Validation failed: {e}")
        return False
    except ssl.CertificateError as e:
        print(f"❌ Certificate error: {e}")
        return False

# Test
# validate_certificate('google.com')
# validate_certificate('expired.badssl.com')  # Will fail

Summary & Next Steps

Key Takeaways:
  • TLS 1.3: 1-RTT handshake, mandatory forward secrecy
  • X.509: Standard for digital certificates
  • PKI: Root → Intermediate → End-Entity chain
  • Cipher suites: Key exchange + Auth + Encryption
  • Validation: Chain, expiry, revocation, hostname
Quiz

Test Your Knowledge

  1. TLS 1.3 vs 1.2 handshake? (1-RTT vs 2-RTT)
  2. What's forward secrecy? (Compromised key doesn't decrypt past traffic)
  3. Why intermediate CAs? (Limit blast radius, keep root offline)
  4. OCSP vs CRL? (Real-time check vs periodic list)
  5. Why no RSA key exchange in TLS 1.3? (No forward secrecy)

Related Articles

Part 16: Network Management

SNMP, NetFlow, syslog monitoring.

Read Article
Part 18: Cloud Protocols

AWS, Azure, GCP communication.

Read Article