TLS
TLS (Transport Layer Security) is the standard cryptographic protocol for securing data in transit over a network, succeeding SSL. It provides encryption, data integrity, and server (and optionally client) authentication using certificates, and underlies HTTPS as well as many other secured protocols like SMTP, IMAP,…
41 resources across 4 libraries
Glossary Terms(12)
VPN
A VPN (Virtual Private Network) creates an encrypted tunnel between a device and a remote network or gateway over the public internet, making traffic appear as…
SSL
SSL (Secure Sockets Layer) is the original cryptographic protocol for encrypting communication between a client and a server over a network, developed by Netsc…
TLS
TLS (Transport Layer Security) is the standard cryptographic protocol for securing data in transit over a network, succeeding SSL. It provides encryption, data…
Authentication
Authentication is the process of verifying that a user, device, or system is who or what it claims to be, typically before granting access to a resource. It is…
Computer Networks
Computer networks are interconnected systems of devices that communicate by exchanging data over shared communication links, using standardized protocols to ad…
HTTP/3
HTTP/3 is the third major version of the Hypertext Transfer Protocol, built on top of QUIC instead of TCP to reduce connection latency and eliminate head-of-li…
Wireshark
Wireshark is a free, open-source network protocol analyzer that captures and inspects network traffic in detail, allowing security professionals and network en…
Virtual Private Network (VPN)
A Virtual Private Network (VPN) creates an encrypted tunnel between a device and a remote network or server, protecting data in transit and allowing the device…
Public Key Infrastructure (PKI)
Public Key Infrastructure (PKI) is the set of policies, roles, and technology used to create, manage, distribute, and revoke digital certificates that bind pub…
Man-in-the-Middle Attack
A man-in-the-middle (MITM) attack occurs when an attacker secretly intercepts, and potentially alters, communication between two parties who believe they are c…
Encryption in Transit
Encryption in transit is the practice of encrypting data as it travels across a network — between a client and server, or between internal services — so it can…
Certificate Authority
A Certificate Authority (CA) is a trusted organization that issues digital certificates verifying the identity of websites, individuals, or devices, forming th…
Study Notes(5)
WSS and TLS for WebSockets
How TLS secures WebSocket connections, from certificate management to termination patterns in production infrastructure.
SSL/TLS Termination
Learn how nginx terminates TLS at the edge, configure certificates and modern cipher policy, and decide between plaintext and re-encrypted backend connections.
Elasticsearch Security Basics
Core security features of Elasticsearch: authentication, role-based access control, TLS, and audit logging.
gRPC Authentication with TLS
How gRPC uses TLS and mutual TLS to secure transport, and how call credentials layer token-based authorization on top for production services.
TLS/SSL Basics
Understand how the TLS handshake establishes a secure session, and why SSL is the deprecated predecessor to modern TLS.
Cheat Sheets(1)
Interview Questions(23)
What is Data Encryption in Transit for Databases?
Data encryption in transit protects data while it moves across a network — between an application and the database, between replicas, or during a backup transf…
Difference Between HTTP and HTTPS
HTTP (HyperText Transfer Protocol) transfers web data in plain text, while HTTPS is the same protocol running over a TLS-encrypted connection — so HTTPS adds e…
What is SSL/TLS?
SSL/TLS is a cryptographic protocol that encrypts data in transit between a client and server, verifies the server’s identity using certificates, and ensures t…
What is the Presentation Layer (OSI Layer 6)?
The Presentation Layer (Layer 6 of the OSI model) is responsible for translating data between the format an application uses and the format sent over the netwo…
What Is HTTP/3 and QUIC?
HTTP/3 is the third major version of HTTP that runs over QUIC, a transport protocol built on UDP, instead of TCP — this eliminates TCP-level head-of-line block…
What is DNS over HTTPS (DoH)?
DNS over HTTPS (DoH) is a protocol that carries standard DNS queries and responses inside encrypted HTTPS connections instead of sending them as plaintext UDP…
Symmetric vs Asymmetric Encryption
Symmetric encryption uses one shared secret key for both encrypting and decrypting data, making it fast but requiring a secure way to distribute that key, whil…
What is Public Key Infrastructure (PKI)?
Public Key Infrastructure (PKI) is the set of roles, policies, and systems needed to create, distribute, validate, and revoke digital certificates that bind a…
What are Digital Certificates?
A digital certificate is an electronic document, typically in X.509 format, that binds a public key to an identity (such as a domain name or organization) and…
Explain the TLS Handshake in Detail
The TLS handshake is the negotiation phase where a client and server agree on a cipher suite, authenticate the server (and optionally the client) via certifica…
HTTPS vs HTTP: What Security Does HTTPS Add?
HTTPS is HTTP layered on top of TLS, adding encryption, integrity, and server authentication that plain HTTP has none of — meaning HTTPS traffic cannot be read…
What is a Man-in-the-Middle Attack?
A man-in-the-middle (MITM) attack is when an attacker secretly positions itself between two communicating parties, intercepting, and potentially altering, traf…
What is Packet Sniffing?
Packet sniffing is the practice of capturing and inspecting raw network traffic as it passes over a wire or wireless link, typically by putting a network inter…
What is OpenVPN?
OpenVPN is an open-source VPN protocol and software suite that builds an encrypted tunnel between a client and a server using TLS for key exchange and either O…
What is IPsec vs SSL VPN?
IPsec VPN encrypts traffic at the network layer (Layer 3) using the IPsec protocol suite (IKE for key negotiation, ESP/AH for the actual encryption), typically…
What is the QUIC Protocol?
QUIC is a transport-layer protocol built on top of UDP that provides TCP-like reliability and congestion control plus built-in TLS 1.3 encryption, multiplexed…
What is Deep Packet Inspection (DPI)?
Deep Packet Inspection (DPI) is a network filtering technique that examines the actual payload data of a packet, not just its header, so a firewall, router, or…
What is a Replay Attack?
A replay attack is when an attacker captures a legitimate, valid piece of network traffic — such as an authentication token or transaction request — and retran…
What Is HTTPS and What Causes Mixed Content Errors?
HTTPS is HTTP layered over TLS, encrypting and authenticating traffic between browser and server, and mixed content occurs when a page loaded securely over HTT…
What Happens During a TLS Handshake?
A TLS handshake is the process by which a client and server agree on cryptographic parameters, verify the server’s identity via its certificate, and derive a s…
What is mTLS and Why Use It Between Services?
Mutual TLS (mTLS) is an extension of standard TLS where both the client and the server present X.509 certificates and verify each other’s identity during the h…
How Do You Manage TLS Certificates in a DevOps Pipeline?
Certificate management in DevOps means treating TLS certificates as versioned, automatically issued, rotated, and monitored infrastructure rather than manually…
How Does Let’s Encrypt Certificate Automation Work?
Let’s Encrypt automation uses the ACME protocol to prove domain ownership programmatically and issue free, short-lived (90-day) TLS certificates without any hu…