This beautiful website illustrates the full potential of a TLS connection
For many people involved in the NetSec community, understanding and appreciating the complexities of TLS can be rather difficult. Try as you may, there has never been a simplified and elegant solution to understanding the complexities of the handshakes and how your client interacts with a server to deliver secure, encrypted communications.
Today, I came across a wonderful website while browsing through Reddit, created and linked to by /u/syncsynchalt. It seeks to display, explain and show examples for every single byte that is exchanged between a client and server via the 1.2 TLS protocol. Not only does it do all of those things, but it does so in an attractive and easy to understand format that combines great information with a stellar design.
Honestly, just look at how gorgeous this thing is! Anyone looking to learn about TLS connections would do themselves a massive favor by keeping this page bookmarked to refer to whenever they’re having issues.
Begin by clicking on the ‘Client Hello’ section for a brief introduction on how your session kicks off: be sure to click on the ‘annotations’ button as well for a deeper look at every byte. No stone is left unturned by this illustration page: it even provides some examples of things like cipher suites supported and compression methods. Plus the language is clean and concise, without too much technical information to bog down the general learning process. Want to get a little more specific? Then Google away with each sub-header for a more detailed explanation.
Encryption is a must-have for pretty much every website these days, especially one that’s going to require the user to input any information whatsoever. While some of the bigger players in data security such as banks and cryptocurrency exchanges generally have this type of thing locked down, there’s some lagging behind in other parts of the Internet such as live cam sites, affiliate programs, and appointment booking forms. Everyone in web development should know that if your website isn’t HTTPS, then you’re really asking for trouble. We even made the switch here at KnowTechie around 2 years ago: best decision we’ve ever made!
There’s practically no excuse in the modern era for not supporting HTTPS: especially when services such as Let’s Encrypt offer you certificates completely free of charge. While education on how TLS connections work might not prompt many to make the switch on their website, we only hope you take a little look and use this as a nudge toward increasing your own website’s security.
Have any thoughts on this? Let us know down below in the comments.
- New encryption vulnerability means email is no longer secure
- CloudMounter brings encryption and security to your cloud affairs
- Is there a downside to encryption?