100% Free Forever
AI-Powered Learning
Industry Expert Content
Certificates & Badges
Learn At Your Own Pace
Python

TLS/SSL Basics

Understand how the TLS handshake establishes a secure session, and why SSL is the deprecated predecessor to modern TLS.

Cryptography FundamentalsIntermediate10 min readJul 8, 2026
Analogies

Introduction

TLS (Transport Layer Security) is the protocol that secures the vast majority of traffic on the internet today, from HTTPS websites to email and messaging. It ties together everything covered earlier in this module: symmetric and asymmetric encryption, hashing, and PKI, into one practical handshake that establishes a secure channel between a client and a server.

🏏

Cricket analogy: TLS is like the final over of a match where every skill built up throughout the game - batting technique, fielding drills, strategic planning - comes together in one decisive sequence; it ties symmetric/asymmetric encryption, hashing, and PKI into one practical handshake securing the connection.

Explanation

TLS is the modern, actively maintained protocol for securing network communications; SSL (Secure Sockets Layer), its predecessor, is deprecated and considered insecure due to known vulnerabilities, so all modern systems should use TLS (currently TLS 1.2 or TLS 1.3) and disable SSL entirely. Despite this, people often say 'SSL certificate' colloquially even though the certificate and protocol in use today are actually TLS. At a conceptual level, a TLS handshake proceeds through a few key stages. First, the client and server exchange supported capabilities and the server presents its digital certificate. The client verifies this certificate by checking the chain of trust up to a trusted root CA (as covered in the PKI topic), confirming the server's identity and public key are legitimate. Next, the client and server perform a key exchange, using asymmetric cryptography (or an ephemeral Diffie-Hellman key exchange in modern TLS) to securely agree on a shared secret without ever transmitting it in the clear. From that shared secret, both sides derive the same symmetric session keys. Finally, the handshake completes and all subsequent application data is protected using fast symmetric encryption with those session keys, along with hashing-based mechanisms (MACs) to ensure integrity of every message.

🏏

Cricket analogy: SSL is like an outdated bat design banned by the ICC for safety, while TLS 1.2/1.3 is the current approved bat; during the 'handshake,' a player first verifies the opposing captain's team credentials against the board (chain of trust to root CA), then both sides agree on match rules (key exchange) before playing under those shared rules (symmetric session keys).

Example

python
import ssl, socket

hostname = "example.com"
context = ssl.create_default_context()
context.minimum_version = ssl.TLSVersion.TLSv1_2  # reject legacy SSL/old TLS

with socket.create_connection((hostname, 443)) as sock:
    with context.wrap_socket(sock, server_hostname=hostname) as ssock:
        print("Negotiated protocol:", ssock.version())       # e.g. TLSv1.3
        print("Cipher suite in use:", ssock.cipher())         # symmetric cipher chosen
        print("Peer certificate verified via chain of trust")
        ssock.send(b"GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n")
        print(ssock.recv(200))

Analysis

Setting minimum_version = ssl.TLSVersion.TLSv1_2 explicitly rejects the deprecated SSL protocol and old, insecure TLS versions, forcing the connection to use a modern, secure protocol version. The ssock.version() call reveals which protocol was actually negotiated, and ssock.cipher() shows the symmetric cipher suite chosen for bulk data encryption after the handshake completed. This demonstrates the layered design in action: PKI-based certificate verification confirms identity, asymmetric/key-exchange cryptography establishes a shared secret, and symmetric encryption then protects the actual HTTP traffic efficiently for the rest of the connection.

🏏

Cricket analogy: Setting a minimum required standard, like the ICC banning older bat designs, is like minimum_version = TLSv1_2 rejecting outdated protocols; checking which bat model was actually used in the match (ssock.version()) and which specific technique the batter played (ssock.cipher()) mirrors verifying the negotiated protocol and cipher after the handshake.

Key Takeaways

  • TLS is the modern, secure protocol; SSL is its deprecated, insecure predecessor.
  • The handshake begins with certificate exchange and verification via the chain of trust.
  • A key exchange establishes a shared secret without transmitting it directly.
  • Symmetric encryption, derived from that shared secret, protects the bulk application data.

Practice what you learned

Was this page helpful?

Topics covered

#Python#CyberSecurityFundamentalsStudyNotes#CyberSecurity#TLSSSLBasics#TLS#SSL#Explanation#Example#StudyNotes#SkillVeris