Category
TLS & transport
Every tool and article in this category, gathered in one place.
Tools
Articles
Anatomy of a TLS Cipher Suite
What a TLS cipher suite actually names, how to read a suite like TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 piece by piece, and how the same two-byte code point shows up under three different naming conventions.
ReadReading Cipher Suite Names: IANA, OpenSSL, and GnuTLS
Why the same cipher suite has three different names and a two-byte code point, how to translate between the IANA, OpenSSL, and GnuTLS conventions, and what the IANA Recommended column of Y, N, and D actually means.
ReadAEAD vs CBC: Why the Mode Matters
The practical difference between an AEAD cipher like AES-GCM and an older CBC cipher with a separate HMAC, the padding-oracle attacks that killed MAC-then-encrypt, and the one tradeoff AEAD still asks you to make.
ReadForward Secrecy and the Key Exchange
What forward secrecy buys you, why static RSA key transport does not provide it, how ECDHE and DHE do, and why authentication and key exchange are two separate jobs that a suite name keeps distinct.
ReadTLS 1.3 Cipher Suites: What Changed
Why a TLS 1.3 suite names only a cipher and a hash, where the key exchange and authentication went, and why the list of suites shrank from hundreds to a handful.
Read