Ambassador Labs

Code, ship, and run apps for Kubernetes faster and easier than ever — powered by Ambassador’s industry-leading developer experience.


GETTING EDGY VIDEO SERIES

Getting Edgy: Understanding Transport Layer Security (TLS) Encryption

Learn about how to keep your users’ information safe on the web.

Stephanie Coyle

Published in Ambassador Labs · 2 min read · Nov 12, 2019

In today’s episode, we discuss how TLS encryption works between a client and a server.

Encrypted Activity

Websites with Transport Layer Security (TLS) encryption ensure you, as a user, can visit a website without having your personal information stolen. If you’re on a mobile phone or a browser on your desktop and you see a green padlock in the URL bar, this means that your activity is encrypted and your personal information is safe.

But how exactly does that happen?

The Process

The device or application you use to access the internet is called the “client.” The client sends a hello message, which carries security details such as a cipher, to connect with the server, the web destination you are trying to reach.

The server responds with its own hello message and picks a piece of information from the client side, such as the cipher, to authenticate with. It also sends a digital certificate from a legal and trusted Certificate Authority.

This certificate carries a public key, which is sent to the client; the server keeps the matching private key. Public and private keys work together in pairs: the public key always encrypts something, and the private key can always decrypt it.

The client validates that the certificate is trusted and then generates a premaster secret, which it encrypts using the public key from the certificate.

The server uses its private key to decrypt the premaster secret and generates a session key, indicating that it is ready for communication. The client generates its own session key, which should be identical to the server's session key, to indicate that it is also ready for communication.

At this point, all communication between the server and the client is secure thanks to TLS encryption.
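The handshake steps above, modeled in Python as an added example (not code from the original article or from Ambassador Labs). It assumes a toy RSA key pair built from two Mersenne primes, constructed cipher names, and an HMAC-SHA256 stand-in for the TLS key derivation; certificate validation is left out.

```python
import hashlib, hmac, secrets

# Toy RSA key pair built from two Mersenne primes. Far too small and
# unpadded for real use; it stands in for the key pair behind the certificate.
P, Q, E = 2**107 - 1, 2**127 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent, server only

SERVER_CIPHERS = ["TOY_RSA_WITH_HMAC_SHA256"]   # constructed suite name

def derive_session_key(premaster, client_random, server_random):
    # Stand-in for the TLS key-derivation function: both sides mix the
    # shared premaster secret with the two hello randoms.
    return hmac.new(premaster, b"session key" + client_random + server_random,
                    hashlib.sha256).digest()

def handshake(client_ciphers):
    # 1. Client hello: supported ciphers plus a fresh random value.
    client_random = secrets.token_bytes(32)
    # 2. Server hello: the server picks a cipher both sides support and
    #    returns its own random plus the public key (the "certificate").
    cipher = next((c for c in client_ciphers if c in SERVER_CIPHERS), None)
    if cipher is None:
        raise ValueError("handshake failure: no shared cipher")
    server_random = secrets.token_bytes(32)
    public_key = (N, E)
    # 3. Client: generate the premaster secret and encrypt it with the
    #    server's public key (certificate validation omitted here).
    premaster = secrets.token_bytes(16)
    n, e = public_key
    encrypted_premaster = pow(int.from_bytes(premaster, "big"), e, n)
    # 4. Server: decrypt the premaster secret with the private key.
    recovered = pow(encrypted_premaster, D, N).to_bytes(16, "big")
    # 5. Both sides derive the session key independently.
    client_key = derive_session_key(premaster, client_random, server_random)
    server_key = derive_session_key(recovered, client_random, server_random)
    return cipher, encrypted_premaster, client_key, server_key

if __name__ == "__main__":
    cipher, wire, ck, sk = handshake(["TOY_UNSUPPORTED", "TOY_RSA_WITH_HMAC_SHA256"])
    print(cipher, "keys match:", hmac.compare_digest(ck, sk))
```

Only the encrypted premaster secret and the two random values cross the wire; the session key itself is never transmitted.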

Learn more

Subscribe to the Ambassador YouTube Channel to get updates about new weekly videos!


Written by Stephanie Coyle

Technical writer from Boston, MA with a love of solving big, complicated problems.
