sentenz / convention

General articles, conventions, and guides.
https://sentenz.github.io/convention/
Apache License 2.0

Create an article about `TLS/SSL` #286

Open sentenz opened 12 months ago

sentenz commented 12 months ago

TLS/SSL

TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are cryptographic protocols that provide secure communication over a computer network. TLS and SSL operate by establishing a secure connection between a client and a server, ensuring that the data exchanged between them is encrypted and integrity-protected.

1. Category

1.1. Cipher Suites

Format:

```text
<protocol>_<key-exchange>_<signature>_WITH_<bulk-encryption>_<hash>
```

Example:

```text
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
```
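As an added example (not part of the issue draft), a small Python parser for the naming format above, plus an audit that flags the properties a configuration review looks for in a TLS 1.2 suite; the token tuples and the finding strings are my own choices. TLS 1.3 suite names omit the key-exchange and signature fields, so they are rejected rather than misparsed.

```python
from dataclasses import dataclass

# Constructed helper tables, not the full IANA registry. Key exchanges starting with
# these prefixes use ephemeral keys and therefore provide forward secrecy.
FORWARD_SECRET_KX = ("ECDHE", "DHE")

@dataclass(frozen=True)
class CipherSuite:
    protocol: str         # TLS or SSL
    key_exchange: str     # ECDHE, DHE, ECDH, RSA, PSK, ...
    signature: str        # ECDSA, RSA, DSS, anon, ...
    bulk_encryption: str  # AES_128_GCM, AES_256_CBC, NULL, ...
    hash: str             # SHA256, SHA384, SHA (SHA-1), MD5

def parse_cipher_suite(name: str) -> CipherSuite:
    """Split <protocol>_<kx>_<sig>_WITH_<enc>_<hash> into its fields."""
    if "_WITH_" not in name:  # TLS 1.3 names such as TLS_AES_128_GCM_SHA256 land here
        raise ValueError(f"not a <kx>_<sig>_WITH_<enc>_<hash> name: {name!r}")
    left, right = name.split("_WITH_", 1)
    protocol, *kx_sig = left.split("_")
    if protocol not in ("TLS", "SSL") or not kx_sig:
        raise ValueError(f"bad protocol/key-exchange prefix: {name!r}")
    if len(kx_sig) == 1:
        kx = sig = kx_sig[0]  # TLS_RSA_WITH_...: the cert key does key transport and auth
    else:
        kx, sig = "_".join(kx_sig[:-1]), kx_sig[-1]
    enc_hash = right.split("_")
    if len(enc_hash) < 2:
        raise ValueError(f"missing hash suffix: {name!r}")
    return CipherSuite(protocol, kx, sig, "_".join(enc_hash[:-1]), enc_hash[-1])

def audit_cipher_suite(name: str) -> list[str]:
    """Properties a config review would flag; an empty list means nothing flagged."""
    cs = parse_cipher_suite(name)
    findings = []
    if cs.protocol == "SSL":
        findings.append("SSL-era suite")
    if not cs.key_exchange.startswith(FORWARD_SECRET_KX):
        findings.append("no forward secrecy (static key exchange)")
    if cs.signature == "anon":
        findings.append("unauthenticated peer (anon)")
    if cs.bulk_encryption == "NULL":
        findings.append("no encryption (NULL)")
    elif cs.bulk_encryption.startswith(("RC4", "3DES", "DES", "IDEA")):
        findings.append(f"legacy cipher {cs.bulk_encryption}")
    elif not cs.bulk_encryption.endswith(("GCM", "CCM", "CCM_8", "POLY1305")):
        findings.append("non-AEAD mode (CBC MAC-then-encrypt)")
    if cs.hash in ("MD5", "SHA"):
        findings.append(f"legacy MAC hash {cs.hash}")
    return findings
```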

1.2. TLS 1.2

```mermaid
---
title: TLS Communication
---
sequenceDiagram
  participant Client
  participant Server

  Note over Client,Server: TCP Handshake
  Client->>Server: SYN
  Server->>Client: SYN/ACK
  Client->>Server: ACK

  Note over Client,Server: Asymmetric Communication
  Client->>Server: ClientHello (TLS v1.2, Client Random, CipherSuites)
  Server->>Client: ServerHello (TLS v1.2, Server Random, selected CipherSuite)
  Server->>Client: ServerCertificate
  Server->>Server: Generate Keypair
  Server->>Server: Signature
  Server-->>Client: ServerKeyExchange
  Server-->>Client: CertificateRequest
  Server->>Client: ServerHelloDone
  Client-->>Server: ClientCertificate
  Client->>Client: Generate Keypair
  Client->>Client: Generate Premaster Secret
  Client->>Server: ClientKeyExchange (Premaster Secret)
  Client-->>Server: CertificateVerify
  Client->>Client: Generate Master Secret
  Server->>Server: Generate Master Secret
  Client->>Server: ChangeCipherSpec
  Client->>Server: Finished
  Server->>Client: ChangeCipherSpec
  Server->>Client: Finished

  Note over Client,Server: Symmetric Communication
  loop Secure Data Exchange
    Client->>Server: Encrypted Application Data (Symmetric Key)
    Server->>Server: Decrypt, Process Data
    Server->>Client: Encrypted Application Data (Symmetric Key)
    Client->>Client: Decrypt, Process Data
  end
  %% close_notify is an alert that ends the TLS session, so it is sent once, after the last record
  Client->>Server: CloseNotify
  Server->>Client: CloseNotify

  Note over Client,Server: TCP Termination
  Client->>Server: FIN
  Server->>Client: FIN/ACK
  Client->>Server: ACK
```

2. References