Code-Memo

TLS / SSL

Encryption basics

• Confidentiality: attackers can’t read plaintext.
• Integrity: attackers can’t modify data undetected (MAC/AEAD).
• Authentication: verify who you’re talking to (certificates, keys).

Certificates and CAs

• Servers present an X.509 certificate proving ownership of a domain name.
• A CA signs certificates; clients trust a set of CA roots.
• A valid chain: server cert → intermediate(s) → trusted root.

TLS handshake flow

• Client and server negotiate version/ciphers, exchange key material, establish shared secrets.
• Modern TLS uses ephemeral key exchange (forward secrecy) and then encrypts application data.

Why HTTPS is secure

• Prevents passive sniffing (encryption) and active tampering (integrity).
• Helps prevent impersonation (certificate validation + hostname verification).
• Still requires correct app security (authn/z, input validation, CSRF, etc.).

Certificate management in cloud

• Use managed cert services to issue/renew certificates automatically.
• Common deployment targets: load balancers, API gateways, ingress controllers, CDN edge.