1. What is SSL/TLS?

• SSL (Secure Sockets Layer) → Old protocol to encrypt data between client ↔ server. (Now deprecated ❌)
• TLS (Transport Layer Security) → Successor of SSL, more secure and widely used today.
• TLS ensures three things:
  1. Confidentiality → Data is encrypted (no one can read it if intercepted).
  2. Integrity → Data cannot be altered without detection.
  3. Authentication → Server (and sometimes client) identity is verified using digital certificates.

2. How TLS Works (Simplified Handshake)

When you visit https://example.com:

1. Client Hello → Browser says “I want to connect securely” (offers TLS versions, ciphers).
2. Server Hello → Server replies with chosen TLS version, cipher suite, and sends its certificate.
3. Certificate Validation → Browser checks if certificate is valid (CA-signed, not expired, domain matches).
4. Key Exchange → Client and server securely agree on session keys (using RSA, Diffie-Hellman, or ECDHE).
5. Session Established → Both sides use the shared secret key to encrypt communication.

📌 After this → All HTTP data becomes HTTPS (encrypted).

3. TLS vs SSL Versions

• SSL 2.0 & 3.0 → Deprecated (insecure, vulnerable to POODLE).
• TLS 1.0 (1999) → Deprecated (weak, vulnerable to BEAST attacks).
• TLS 1.1 (2006) → Deprecated (weak).
• TLS 1.2 (2008) → ✅ Still widely used and considered secure (if configured properly).
• TLS 1.3 (2018) → ✅ Current latest version, faster & more secure.