Encryption in Transit (TLS)
Understand encryption in transit via TLS. Learn how the TLS handshake works, cipher suite negotiation, certificate validation, and differences between TLS 1.2 and 1.3. Browser-based demo.
Detailed Explanation
Encryption in Transit: Securing Data on the Wire
Encryption in transit protects data as it moves between systems — from browser to server, server to database, or service to service. The primary protocol for this is TLS (Transport Layer Security), which secures HTTPS, email, VPN connections, and more.
What TLS Protects Against
- Eavesdropping — Attackers on the same network cannot read the data
- Tampering — Modified packets are detected and rejected
- Impersonation — Certificates verify the server's identity
The TLS 1.3 Handshake
TLS 1.3 simplified the handshake to just 1 round trip (1-RTT), compared to TLS 1.2's 2 round trips:
Client Server
│ │
├── ClientHello + KeyShare ──────────▶│
│ │
│◀──── ServerHello + KeyShare ────────┤
│◀──── EncryptedExtensions ───────────┤
│◀──── Certificate ───────────────────┤
│◀──── CertificateVerify ────────────┤
│◀──── Finished ─────────────────────┤
│ │
├── Finished ────────────────────────▶│
│ │
├════ Encrypted Application Data ═══▶│
Key Exchange
TLS 1.3 uses ephemeral key exchange exclusively:
- X25519 — Elliptic curve Diffie-Hellman on Curve25519 (most common)
- P-256 — NIST elliptic curve (ECDHE)
- Kyber — Post-quantum key encapsulation (experimental, in Chrome/Firefox)
Ephemeral means a new key pair is generated for every connection, providing forward secrecy — even if the server's private key is later compromised, past sessions cannot be decrypted.
Cipher Suites
TLS 1.3 dramatically reduced the number of cipher suites to just five:
| Cipher Suite | Key Exchange | Encryption | Hash |
|---|---|---|---|
| TLS_AES_128_GCM_SHA256 | ECDHE/DHE | AES-128-GCM | SHA-256 |
| TLS_AES_256_GCM_SHA384 | ECDHE/DHE | AES-256-GCM | SHA-384 |
| TLS_CHACHA20_POLY1305_SHA256 | ECDHE/DHE | ChaCha20-Poly1305 | SHA-256 |
| TLS_AES_128_CCM_SHA256 | ECDHE/DHE | AES-128-CCM | SHA-256 |
| TLS_AES_128_CCM_8_SHA256 | ECDHE/DHE | AES-128-CCM-8 | SHA-256 |
All five use AEAD encryption — CBC-based suites were removed entirely.
TLS 1.2 vs TLS 1.3
| Feature | TLS 1.2 | TLS 1.3 |
|---|---|---|
| Handshake RTT | 2 | 1 (0-RTT resumption) |
| Key exchange | RSA or ECDHE | ECDHE only |
| Forward secrecy | Optional | Mandatory |
| Cipher suites | 300+ | 5 |
| CBC support | Yes | Removed |
| RSA key transport | Yes | Removed |
Certificate Validation
TLS certificates (X.509) verify server identity:
- Client receives the server's certificate chain
- Validates the chain up to a trusted root CA
- Checks the certificate is not expired
- Verifies the domain name matches (Subject or SAN)
- Checks revocation status (OCSP or CRL)
Common Configuration Mistakes
- Self-signed certificates in production — Browsers will show security warnings
- Expired certificates — Causes connection failures; use automated renewal (Let's Encrypt + Certbot)
- Allowing TLS 1.0/1.1 — Known vulnerabilities; disable in server configuration
- Weak cipher suites — Disable RC4, 3DES, and CBC-based suites where possible
Use Case
Understanding encryption in transit is essential for every web developer and operations engineer. Configuring TLS correctly on web servers (Nginx, Apache), load balancers (AWS ALB, Cloudflare), and API gateways is a daily task. Security audits check TLS configuration, certificate management, and cipher suite selection. Developers building microservices need to understand mTLS (mutual TLS) for service-to-service authentication within a cluster.