SSL/TLS: The Definitive Guide to Secure Communication

12. Glossary

1. SSL (Secure Sockets Layer): Original protocol by Netscape. Now deprecated.
2. TLS (Transport Layer Security): Modern standard. Versions 1.2 and 1.3 are current.
3. CA (Certificate Authority): Entity that issues and vouches for certificates.
4. Root Certificate: Top of the trust chain. Pre-installed in OS/browsers.
5. Chain of Trust: Verification path from site cert → intermediate CA → root CA.
6. Symmetric Encryption: Same key for encrypt/decrypt. Fast (AES).
7. Asymmetric Encryption: Public/private key pair. Secure but slow (RSA, ECC).
8. Handshake: Initial negotiation to agree on keys and algorithms.
9. Cipher Suite: Set of algorithms for key exchange, encryption, and hashing.
10. RTT (Round Trip Time): Time for a packet to travel to destination and back.
11. Session Key: Temporary symmetric key created during handshake.
12. Self-Signed Certificate: Certificate signed by itself, not a CA. Triggers browser warnings.
13. PKI (Public Key Infrastructure): Ecosystem of certificates, CAs, and policies.
14. HSTS: Header forcing browsers to use HTTPS only.
15. MITM (Man-In-The-Middle): Attack where hacker intercepts communication.
16. Forward Secrecy (PFS): Ensures past sessions can't be decrypted if private key is later stolen.
17. OCSP Stapling: Server provides certificate validity proof to client.
18. mkcert: Tool for creating locally-trusted dev certificates.
19. Mixed Content: Security warning when HTTPS page loads HTTP resources.
20. Let's Encrypt: Free, automated CA. Works with certbot for easy cert management.