ssl/tls
SSL (Secure Sockets Layer) и его преемник TLS (Transport Layer Security) — это криптографические протоколы, предназначенные для обеспечения безопасной связи через компьютерную сеть.
SSL (Secure Sockets Layer) and its successor, TLS (Transport Layer Security), are cryptographic protocols designed to secure communications over computer networks. They provide authentication, data integrity, and confidentiality for network connections, most commonly used for securing web traffic (HTTPS). The process typically begins with a TLS handshake, where the client and server authenticate each other (often server-to-client only) and agree on cryptographic algorithms and parameters. This involves exchanging certificates (usually X.509), performing a key exchange (e.g., RSA, Diffie-Hellman) to establish a shared secret, and generating session keys for symmetric [encryption](/ru/terms/symmetric-encryption). Once the handshake is complete, the actual application data (e.g., HTTP requests/responses) is encrypted using the agreed-upon symmetric cipher (like AES) and authenticated using MACs or authenticated encryption modes. TLS is standardized by the IETF and has evolved through several versions (TLS 1.0, 1.1, 1.2, 1.3), with newer versions offering improved security, performance, and stronger cryptographic algorithms. SSL is now considered obsolete and insecure.
graph LR
Center["ssl/tls"]:::main
Pre_logic["logic"]:::pre --> Center
click Pre_logic "/terms/logic"
Rel_data_privacy["data-privacy"]:::related -.-> Center
click Rel_data_privacy "/terms/data-privacy"
Rel_encryption["encryption"]:::related -.-> Center
click Rel_encryption "/terms/encryption"
Rel_saas_software_as_a_service["saas-software-as-a-service"]:::related -.-> Center
click Rel_saas_software_as_a_service "/terms/saas-software-as-a-service"
classDef main fill:#7c3aed,stroke:#8b5cf6,stroke-width:2px,color:white,font-weight:bold,rx:5,ry:5;
classDef pre fill:#0f172a,stroke:#3b82f6,color:#94a3b8,rx:5,ry:5;
classDef child fill:#0f172a,stroke:#10b981,color:#94a3b8,rx:5,ry:5;
classDef related fill:#0f172a,stroke:#8b5cf6,stroke-dasharray: 5 5,color:#94a3b8,rx:5,ry:5;
linkStyle default stroke:#4b5563,stroke-width:2px;
🧠 Проверка знаний
🧒 Простыми словами
SSL/TLS is like a secret handshake and a locked box for your internet messages, making sure only the right people can send and receive them, and that no one can peek inside or change the message while it's traveling.
🤓 Expert Deep Dive
The TLS handshake is a complex multi-step process. Key exchange mechanisms are critical: RSA key exchange is vulnerable to passive eavesdropping if the server's private key is compromised later (due to lack of forward secrecy), whereas ephemeral Diffie-Hellman (DHE/ECDHE) provides forward secrecy. Certificate validation involves checking the certificate chain up to a trusted root Certificate Authority (CA), verifying expiration dates, and matching the hostname. Cipher suites define the combination of algorithms used (key exchange, symmetric [encryption](/ru/terms/symmetric-encryption), MAC). TLS 1.3 significantly streamlines the handshake (reducing round trips) and removes obsolete/insecure ciphers, enhancing both security and performance. Vulnerabilities have historically stemmed from implementation flaws (e.g., Heartbleed), weak cipher suites (e.g., RC4, MD5), or protocol weaknesses (e.g., POODLE). Proper certificate management and timely protocol upgrades are essential for maintaining security.