HTTPS & TLS 1.3: How Secure Connections Work

The padlock in your browser represents Transport Layer Security (TLS) — a protocol that authenticates the server, secretly negotiates a session key, and then encrypts every byte of data both ways. TLS 1.3 (2018) does all this in a single round-trip and is now used by over 90% of HTTPS sites.

1. What TLS Provides

TLS provides three security properties for a TCP connection:

Confidentiality: Data is encrypted — an eavesdropper on the network (coffee shop Wi-Fi, ISP) sees only random bytes.
Integrity: Each record includes an authentication tag — any tampering is detected.
Authentication: The server's certificate proves it is who it claims to be (e.g., bank.com, not an attacker's server). Client authentication is optional.

HTTPS is simply HTTP running over TLS. The 's' in https:// means the TCP connection is wrapped in TLS before any HTTP data is sent.

2. X.509 Certificates

A TLS certificate is a digitally-signed document containing: the server's domain name, its public key, validity period, and the digital signature of a Certificate Authority (CA) certifying this information.

Your browser/OS ships with 100+ trusted root CAs (DigiCert, Let's Encrypt, Comodo, etc.). When a server presents its certificate, your browser follows the certificate chain: server cert → intermediate CA cert → root CA cert in your trust store. If the signature chain is valid and the domain matches, authentication succeeds.

Let's Encrypt issues free, automatically-renewed TLS certificates via the ACME protocol. Since its 2015 launch, it has issued billions of certificates, helping make HTTPS the default across the web. It uses Domain Validation (DV) — proves control of the domain but not the legal identity of the organisation.

3. TLS 1.3 Handshake

TLS 1.3 completes authentication and key exchange in a single round-trip (1-RTT). Resumption can be 0-RTT. The sequence:

→ Client

ClientHello

TLS version, random bytes, list of supported cipher suites, key_share (client's ECDHE public key for each supported group e.g. X25519)

← Server

ServerHello

Chosen cipher suite, key_share (server's ECDHE public key). Both sides can now derive session keys.

← Server

EncryptedExtensions

Additional extensions, all encrypted with the derived handshake key.

← Server

Certificate + CertificateVerify

Server's X.509 certificate chain and signature over the handshake transcript (proves possession of private key).

← Server

Finished

HMAC over entire handshake, verifying integrity.

→ Client

Finished

Client verifies everything and sends its Finished. Application data can now flow.

Total extra latency: 1 round-trip before application data. TLS 1.2 required 2 round-trips — TLS 1.3 is measurably faster for page loads.

4. ECDHE Key Exchange

ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) allows two parties to derive a shared secret without transmitting it. Using elliptic curve X25519 (most common in TLS 1.3):

Client generates random private key a, computes A = a × G (point multiplication)
Server generates random private key b, computes B = b × G
They exchange A and B publicly
Client computes a × B = a × b × G; Server computes b × A = b × a × G
Both arrive at the same shared point — the shared secret

An eavesdropper sees A and B but cannot compute a × b × G without solving the elliptic curve discrete logarithm problem. The "Ephemeral" means new key pairs are generated for every TLS session, providing forward secrecy.

5. Record Layer & AEAD

After the handshake, all application data is encrypted using AEAD (Authenticated Encryption with Associated Data). TLS 1.3 mandates only two cipher suites:

AES-128-GCM — AES in Galois/Counter Mode, 128-bit key, hardware-accelerated on modern CPUs
ChaCha20-Poly1305 — preferred on platforms without AES hardware acceleration (low-power mobile)

AEAD provides both encryption and a MAC (authentication tag). The record structure: [header][encrypted payload + 16-byte authentication tag]. If even one byte of the ciphertext is modified, the tag verification fails and the connection is terminated. No separate HMAC required.

6. Forward Secrecy

TLS 1.3 mandates perfect forward secrecy (PFS): even if the server's private key is stolen later, recorded past traffic cannot be decrypted because ephemeral ECDHE keys are discarded after each session.

TLS 1.2 allowed non-ephemeral RSA key exchange, which had no forward secrecy — a nation-state adversary could record all encrypted traffic and decrypt it later when the server's private key is obtained. This vulnerability was used in mass surveillance programs.

7. HSTS & Common Pitfalls

HTTP Strict Transport Security (HSTS): A response header telling the browser to always use HTTPS for this domain for N seconds — prevents downgrade attacks. Major sites are in the HSTS Preload List shipped with browsers.

Common misconfiguration issues:

Mixed content: An HTTPS page loading HTTP resources — the HTTP resources can be intercepted and replaced by an attacker.
Expired certificates: Browser shows scary warning, users either abandon or click through (training them to ignore warnings — dangerous).
Weak cipher suites: TLS 1.2 servers still supporting RC4, 3DES, or export-grade ciphers are vulnerable. TLS 1.3 removes all weak options.
Certificate pinning misuse: Hard-coding certificate fingerprints makes key rotation impossible and causes service outages.