SSL/TLS Deep Dive: Certificate Chain, Handshake, HSTS, Certificate Pinning and mTLS
SSL/TLS is the protocol that encrypts communication between a client and a server. The Certificate Chain proves the server's identity, the TLS Handshake establishes an encrypted session, HSTS forces the browser to always use HTTPS, Certificate Pinning blocks man-in-the-middle attacks, and mTLS provides mutual authentication of both client and server.
TLS is the foundation of internet security: every HTTPS website, email service (SMTP/IMAPS), VPN and API call relies on it. Misconfiguration is still a major problem, though: expired certificates (outages), weak cipher suites (vulnerable), missing HSTS (downgrade attacks), and absent certificate validation (MITM). A deep understanding of TLS helps prevent both security incidents and outages.
TLS Versions
| Version | Year | Status | Key Feature |
|---|---|---|---|
| SSL 2.0 | 1995 | Deprecated (insecure) | First public version — many vulnerabilities |
| SSL 3.0 | 1996 | Deprecated (POODLE attack) | Improved but still vulnerable |
| TLS 1.0 | 1999 | Deprecated (BEAST attack) | SSL 3.1 — first TLS version |
| TLS 1.1 | 2006 | Deprecated | Fixed BEAST — but still weak ciphers |
| TLS 1.2 | 2008 | Current (widely deployed) | AEAD ciphers, SHA-256, flexible handshake |
| TLS 1.3 | 2018 | Latest (recommended) | 1-RTT handshake, 0-RTT resumption, removed weak ciphers |
Certificate Chain
| Level | Certificate | Purpose |
|---|---|---|
| Root CA | Self-signed certificate from a trusted CA (DigiCert, Let’s Encrypt, Comodo) | Pre-installed in the OS/browser trust store — anchor of trust |
| Intermediate CA | Signed by the Root CA — issues end-entity certificates | Protects the Root CA (kept offline) — the intermediate does the daily signing |
| End-Entity (Leaf) | Server certificate — signed by the Intermediate CA | Proves server identity — contains domain name and public key |
| Validation | Browser: leaf cert → signed by intermediate? → intermediate signed by root? → root in trust store? | Chain must be complete — a missing intermediate = error |
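The Validation row describes a walk from the leaf up to a trust anchor. The following added example (not code from the original article) models that walk on a minimal, hypothetical certificate data class so it can run offline: it checks the hostname against the leaf's names, checks validity dates, follows subject/issuer links through the presented intermediates, and stops at a root found in the trust store. Signature verification, which a real validator performs at every link, is deliberately left out and noted in the code. All certificate names and dates are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


# Hypothetical minimal certificate model for this example: only the fields the
# chain-building logic needs. Signatures are NOT verified here; a real validator
# also checks each certificate's signature with the issuer's public key at every step.
@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    not_before: datetime
    not_after: datetime
    is_ca: bool = False
    names: tuple = ()          # DNS names from the leaf's Subject Alternative Name


@dataclass
class ChainResult:
    ok: bool
    chain: list                # subjects from the leaf up to the trust anchor
    reason: str


def hostname_matches(hostname, names):
    """Exact match, or a single-label wildcard such as *.example.com."""
    hostname = hostname.lower()
    for name in names:
        name = name.lower()
        if name == hostname:
            return True
        if name.startswith("*.") and "." in hostname and hostname.split(".", 1)[1] == name[2:]:
            return True
    return False


def build_chain(hostname, presented, trust_store, now, max_depth=5):
    """Walk from the server's leaf certificate up to a trusted root.

    presented   - certificates sent by the server, leaf first (as in the Certificate message)
    trust_store - dict subject -> root Cert pre-installed on the client
    """
    by_subject = {c.subject: c for c in presented}
    leaf = presented[0]
    chain = [leaf]
    if not hostname_matches(hostname, leaf.names):
        return ChainResult(False, [leaf.subject], f"hostname {hostname} not in leaf names {leaf.names}")
    current = leaf
    for _ in range(max_depth):
        subjects = [c.subject for c in chain]
        if not (current.not_before <= now <= current.not_after):
            return ChainResult(False, subjects, f"{current.subject} is expired or not yet valid")
        if current.issuer in trust_store:
            chain.append(trust_store[current.issuer])
            return ChainResult(True, [c.subject for c in chain], "anchored at trusted root")
        if current.issuer == current.subject:
            return ChainResult(False, subjects, "self-signed certificate is not in the trust store")
        issuer = by_subject.get(current.issuer)
        if issuer is None:
            return ChainResult(False, subjects,
                               f"missing intermediate: {current.issuer} was not presented and is not a trust anchor")
        if not issuer.is_ca:
            return ChainResult(False, subjects, f"{issuer.subject} is not a CA certificate")
        chain.append(issuer)
        current = issuer
    return ChainResult(False, [c.subject for c in chain], "chain too long")


def _utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)


# Constructed sample data (not real certificates)
NOW = _utc(2025, 1, 15)
ROOT = Cert("Example Root CA", "Example Root CA", _utc(2015, 1, 1), _utc(2035, 1, 1), is_ca=True)
INTERMEDIATE = Cert("Example Issuing CA 1", "Example Root CA", _utc(2020, 1, 1), _utc(2030, 1, 1), is_ca=True)
LEAF = Cert("www.example.com", "Example Issuing CA 1", _utc(2024, 12, 1), _utc(2025, 3, 1),
            names=("www.example.com", "example.com"))
TRUST_STORE = {ROOT.subject: ROOT}

if __name__ == "__main__":
    print(build_chain("www.example.com", [LEAF, INTERMEDIATE], TRUST_STORE, NOW))
    print(build_chain("www.example.com", [LEAF], TRUST_STORE, NOW))   # the common misconfiguration
```

The second call reproduces the classic outage: the server sends only its leaf, the browser cannot link it to a root, and the connection fails even though the leaf itself is perfectly valid.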
TLS 1.2 Handshake
| Step | Message | Description |
|---|---|---|
| 1 | ClientHello | Client → Server: supported TLS versions, cipher suites, random number, SNI |
| 2 | ServerHello | Server → Client: chosen cipher suite, random number, session ID |
| 3 | Certificate | Server → Client: server certificate + chain (intermediate CAs) |
| 4 | ServerKeyExchange | Server → Client: DH parameters for key exchange (if DHE/ECDHE) |
| 5 | ClientKeyExchange | Client → Server: pre-master secret (encrypted with server’s public key) or DH public value |
| 6 | ChangeCipherSpec | Both sides: switch to encrypted communication using derived session keys |
| 7 | Finished | Both sides: verify handshake integrity — encrypted with session keys |
TLS 1.3 Improvements
| Feature | TLS 1.2 | TLS 1.3 |
|---|---|---|
| Handshake RTT | 2-RTT (full handshake) | 1-RTT (full), 0-RTT (resumption) |
| Cipher Suites | 37+ cipher suites (many weak) | 5 cipher suites only (all strong AEAD) |
| Key Exchange | RSA, DHE, ECDHE | ECDHE only (forward secrecy mandatory) |
| Forward Secrecy | Optional (only with DHE/ECDHE) | Mandatory (always ECDHE) |
| Encryption Start | After handshake complete | Server encrypts from ServerHello (earlier encryption) |
| 0-RTT | Not available | Send data with ClientHello (resumption) — risk: replay attacks |
| Removed | – | RSA key exchange, CBC ciphers, RC4, SHA-1, compression |
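The ClientHello in step 1 of the handshake table is sent in the clear, which is why a defender can see what a client offers (and why TLS 1.3's supported_versions extension matters). The added example below (not from the original article) encodes a minimal ClientHello record from constructed values, parses the fields a passive observer can read, and audits them for the legacy suites and versions the two tables above say were removed. The builder's fixed random bytes are only for reproducibility in this offline demo; the suite and extension code points are the RFC values.

```python
import struct

# Constants from RFC 5246 / RFC 8446
RECORD_HANDSHAKE = 0x16
HS_CLIENT_HELLO = 0x01
EXT_SERVER_NAME = 0x0000
EXT_SUPPORTED_VERSIONS = 0x002B

# Suites a defender flags when offered: static RSA key exchange (no forward secrecy),
# RC4/3DES/CBC. TLS 1.3 suites (0x1301..0x1303) and ECDHE AEAD suites are fine.
LEGACY_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
}
DEPRECATED_VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1"}


def build_client_hello(sni, cipher_suites, versions=(0x0304, 0x0303), random=b"\x42" * 32):
    """Encode a minimal ClientHello record. A real client uses 32 fresh random bytes."""
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    host = sni.encode("idna")
    entry = b"\x00" + struct.pack("!H", len(host)) + host          # name_type 0 = host_name
    sni_body = struct.pack("!H", len(entry)) + entry               # ServerNameList
    vers = b"".join(struct.pack("!H", v) for v in versions)
    sv_body = bytes([len(vers)]) + vers                            # uint8 length prefix
    exts = (struct.pack("!HH", EXT_SERVER_NAME, len(sni_body)) + sni_body
            + struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(sv_body)) + sv_body)
    body = (struct.pack("!H", 0x0303) + random + b"\x00"          # legacy_version, random, empty session_id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00"                                          # compression_methods: null only
            + struct.pack("!H", len(exts)) + exts)
    handshake = bytes([HS_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([RECORD_HANDSHAKE]) + struct.pack("!HH", 0x0301, len(handshake)) + handshake


def parse_client_hello(data):
    """Decode the fields visible on the wire before any encryption starts."""
    if data[0] != RECORD_HANDSHAKE:
        raise ValueError("not a handshake record")
    (rec_len,) = struct.unpack("!H", data[3:5])
    hs = data[5:5 + rec_len]
    if hs[0] != HS_CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 0
    (legacy_version,) = struct.unpack("!H", body[pos:pos + 2]); pos += 2
    pos += 32                                                      # skip random
    pos += 1 + body[pos]                                           # skip session_id
    (cs_len,) = struct.unpack("!H", body[pos:pos + 2]); pos += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                                           # skip compression_methods
    hello = {"legacy_version": legacy_version, "cipher_suites": suites,
             "sni": None, "supported_versions": []}
    if pos < len(body):
        (ext_len,) = struct.unpack("!H", body[pos:pos + 2]); pos += 2
        end = pos + ext_len
        while pos < end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
            edata = body[pos:pos + elen]; pos += elen
            if etype == EXT_SERVER_NAME:
                (name_len,) = struct.unpack("!H", edata[3:5])       # skip list length (2) + name_type (1)
                hello["sni"] = edata[5:5 + name_len].decode("ascii")
            elif etype == EXT_SUPPORTED_VERSIONS:
                n = edata[0]
                hello["supported_versions"] = [struct.unpack("!H", edata[i:i + 2])[0]
                                               for i in range(1, 1 + n, 2)]
    return hello


def audit_client_hello(hello):
    """Return human-readable findings about weak offers in a parsed ClientHello."""
    findings = []
    for suite in hello["cipher_suites"]:
        if suite in LEGACY_SUITES:
            findings.append(f"offers legacy suite 0x{suite:04X} {LEGACY_SUITES[suite]}")
    for v in hello["supported_versions"] or [hello["legacy_version"]]:
        if v in DEPRECATED_VERSIONS:
            findings.append(f"offers deprecated protocol {DEPRECATED_VERSIONS[v]}")
    if not hello["supported_versions"]:
        findings.append("no supported_versions extension: client cannot negotiate TLS 1.3")
    if hello["sni"] is None:
        findings.append("no SNI: server cannot pick the right certificate")
    return findings


if __name__ == "__main__":
    hello = parse_client_hello(build_client_hello("www.example.com", [0x1301, 0xC02F, 0x0005]))
    print(hello["sni"], [f"0x{s:04X}" for s in hello["cipher_suites"]], audit_client_hello(hello))
```

The same parser applied to captured traffic is the basis of client fingerprinting and of the "which of my clients still offer RC4?" inventory that should precede disabling legacy suites on a server.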
HSTS (HTTP Strict Transport Security)
| Feature | Details |
|---|---|
| What it is | An HTTP header that tells the browser: “always open this site over HTTPS — never use HTTP” |
| Header | Strict-Transport-Security: max-age=31536000; includeSubDomains; preload |
| max-age | Number of seconds the browser remembers the policy (31536000 = 1 year) → uses HTTPS for the whole period |
| includeSubDomains | Apply HSTS to all subdomains (*.example.com) |
| Preload | Submit the domain to the HSTS preload list → the browser enforces HTTPS from the very first visit |
| Prevents | SSL stripping attack: a MITM downgrades HTTPS → HTTP → sniffs the traffic |
| Risk | If the certificate expires → the site becomes inaccessible (the browser refuses to fall back to HTTP) |
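To make the table concrete, here is an added example (not from the original article) of the logic a browser runs for HSTS per RFC 6797: parsing the header, remembering the host for max-age seconds, honouring includeSubDomains and a preload list, ignoring the header when it did not arrive over a clean HTTPS connection, and rewriting later http:// URLs to https://. The `HstsCache` class and its injectable clock are this example's own design; the host names are constructed.

```python
import time
from urllib.parse import urlsplit, urlunsplit


def parse_hsts(header):
    """Parse a Strict-Transport-Security value into its directives (RFC 6797 section 6.1)."""
    directives = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        directives[name.strip().lower()] = value.strip().strip('"')
    max_age = directives.get("max-age")
    if max_age is None or not max_age.isdigit():
        raise ValueError("max-age directive is required")
    return {"max_age": int(max_age),
            "include_subdomains": "includesubdomains" in directives,
            "preload": "preload" in directives}


class HstsCache:
    """A browser's store of 'known HSTS hosts'; `now` is injectable so expiry can be tested."""

    def __init__(self, now=time.time, preload=()):
        self.now = now
        self.preload = {h.lower() for h in preload}   # built into the browser, never expires
        self.entries = {}                             # host -> (expiry timestamp, include_subdomains)

    def observe(self, host, header, over_https=True, cert_ok=True):
        """Process a response header. Ignored unless received over HTTPS with a valid cert,
        otherwise an attacker on plain HTTP could plant or clear policies."""
        if not (over_https and cert_ok):
            return
        policy = parse_hsts(header)
        if policy["max_age"] == 0:                    # max-age=0 tells the browser to forget the host
            self.entries.pop(host.lower(), None)
            return
        self.entries[host.lower()] = (self.now() + policy["max_age"], policy["include_subdomains"])

    def is_known(self, host):
        labels = host.lower().split(".")
        for i in range(len(labels)):                  # check the host, then each parent domain
            candidate = ".".join(labels[i:])
            if candidate in self.preload:             # preload list entries imply includeSubDomains
                return True
            entry = self.entries.get(candidate)
            if entry is None:
                continue
            expires, include_subdomains = entry
            if expires <= self.now():
                del self.entries[candidate]
                continue
            if i == 0 or include_subdomains:
                return True
        return False

    def rewrite(self, url):
        """Upgrade an http:// URL to https:// when the host is a known HSTS host (port 80 -> 443)."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not self.is_known(parts.hostname):
            return url
        netloc = parts.hostname if parts.port in (None, 80) else f"{parts.hostname}:{parts.port}"
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    cache = HstsCache()
    cache.observe("example.com", "max-age=31536000; includeSubDomains; preload")
    print(cache.rewrite("http://api.example.com/v1"))   # upgraded before any request leaves the browser
```

Note what the Risk row means in code: once `is_known` returns True, `rewrite` never yields an http:// URL, so a site whose certificate has lapsed has no fallback until the certificate is fixed.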
Certificate Pinning
| Feature | Details |
|---|---|
| What it is | The client remembers (pins) a specific certificate/public key → rejects the connection if the server uses a different cert (even a valid one) |
| HPKP (Deprecated) | HTTP Public Key Pinning header — deprecated because of the risk of bricking the site |
| App Pinning | Mobile apps pin the server certificate/key in the app code → prevents MITM even with a rogue CA |
| Advantage | Protects against a rogue CA, a compromised CA, or government MITM |
| Risk | Certificate rotation → pins must be updated → a wrong pin = broken app |
| Alternative | Certificate Transparency (CT) logs — a public log of all certificates → detect rogue certs |
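The pin value used by HPKP and by mobile pinning libraries is base64(SHA-256(DER SubjectPublicKeyInfo)), i.e. a hash of the key rather than of the whole certificate, which is what lets a pin survive certificate renewal as long as the key is kept. The added example below (not code from the original article) contains a small DER walker that pulls the SPKI out of a certificate, computes the pin, and enforces the rule that saved HPKP deployments from the Risk row: a pin set must always contain a backup pin. The "certificate" it operates on is a constructed stand-in that only mimics the DER layout of X.509 (no real key, no signature); the functions `make_fake_cert`, `spki_pin` and `check_pins` are this example's own.

```python
import base64
import hashlib


# --- minimal DER helpers (enough for the outer structure of an X.509 certificate) ---

def der_tlv(tag, content):
    """Encode one DER tag-length-value."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content


def der_read(buf, pos=0):
    """Decode one TLV at pos; returns (tag, content, end, whole_tlv_bytes)."""
    tag = buf[pos]
    length = buf[pos + 1]
    hdr = 2
    if length & 0x80:                                   # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
        hdr += n
    end = pos + hdr + length
    return tag, buf[pos + hdr:end], end, buf[pos:end]


def der_children(content):
    items, pos = [], 0
    while pos < len(content):
        tag, _, end, tlv = der_read(content, pos)
        items.append((tag, tlv))
        pos = end
    return items


def spki_from_cert(cert_der):
    """Extract the SubjectPublicKeyInfo TLV (header included) from a DER certificate.

    Certificate    ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }
    TBSCertificate ::= SEQUENCE { [0] version OPTIONAL, serialNumber, signature,
                                  issuer, validity, subject, subjectPublicKeyInfo, ... }
    """
    _, cert_body, _, _ = der_read(cert_der)
    _, tbs_tlv = der_children(cert_body)[0]
    _, tbs_body, _, _ = der_read(tbs_tlv)
    fields = der_children(tbs_body)
    offset = 1 if fields[0][0] == 0xA0 else 0          # explicit [0] version tag present?
    return fields[offset + 5][1]


def spki_pin(cert_der):
    """The pin format used by HPKP and mobile pinning: base64(SHA-256(DER SPKI))."""
    return base64.b64encode(hashlib.sha256(spki_from_cert(cert_der)).digest()).decode("ascii")


def check_pins(cert_der, pin_set):
    """Accept the server certificate only if its SPKI hash is in the configured pin set."""
    if len(pin_set) < 2:
        raise ValueError("pin set needs a backup pin (next key) so rotation cannot brick the client")
    return spki_pin(cert_der) in pin_set


# --- constructed stand-in certificate: only the DER layout, NOT a real or signed cert ---

def make_fake_cert(public_key_bytes, serial=1):
    ec_public_key_oid = der_tlv(0x06, bytes.fromhex("2a8648ce3d0201"))      # 1.2.840.10045.2.1
    spki = der_tlv(0x30, der_tlv(0x30, ec_public_key_oid)
                   + der_tlv(0x03, b"\x00" + public_key_bytes))             # BIT STRING, 0 unused bits
    tbs = der_tlv(0x30,
                  der_tlv(0xA0, der_tlv(0x02, b"\x02"))     # [0] version v3
                  + der_tlv(0x02, bytes([serial]))          # serialNumber
                  + der_tlv(0x30, b"")                      # signature algorithm (empty placeholder)
                  + der_tlv(0x30, b"")                      # issuer (empty placeholder)
                  + der_tlv(0x30, b"")                      # validity (empty placeholder)
                  + der_tlv(0x30, b"")                      # subject (empty placeholder)
                  + spki)
    return der_tlv(0x30, tbs + der_tlv(0x30, b"") + der_tlv(0x03, b"\x00"))


if __name__ == "__main__":
    current = make_fake_cert(bytes(range(65)), serial=1)    # constructed key A
    renewed = make_fake_cert(bytes(range(65)), serial=2)    # renewed cert, same key A
    print(spki_pin(current) == spki_pin(renewed))           # True: SPKI pins survive renewal
```

For a real certificate the identical value comes from `openssl x509 -in cert.pem -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64`; the operational discipline the Risk row calls for is to generate the next key in advance, ship its pin as the backup, and only then rotate.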
mTLS (Mutual TLS)
| Feature | Standard TLS | mTLS |
|---|---|---|
| Server Auth | Server presents certificate → client validates | Same |
| Client Auth | None (or username/password at the app layer) | Client also presents a certificate → server validates |
| Trust | Client trusts server only | Mutual trust: both sides verified by certificates |
| Use Case | Websites, APIs (public-facing) | Service-to-service (microservices), API gateways, IoT, Zero Trust |
| Service Mesh | – | Istio, Linkerd: automatic mTLS between all services in Kubernetes |
| Management | Server cert management only | Both client + server cert management (more complex) |
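The difference between the two columns comes down to a single server-side setting, and the TLS Versions table's "deprecated" rows come down to a minimum-version policy. The following added example (not code from the original article, and not from Istio or Linkerd) builds both sides of an mTLS connection with Python's standard `ssl` module under a shared hardening policy, and exposes a `describe()` summary that an audit script can assert on. The file paths are hypothetical parameters: when they are omitted the contexts are still built, so the policy can be inspected offline, but a production deployment must load a server certificate and the internal CA that issues client certificates.

```python
import ssl

WEAK_MARKERS = ("RC4", "MD5", "DES", "NULL", "EXPORT", "ANON")


def harden(ctx):
    """Policy shared by every context: no TLS 1.0/1.1, and for TLS 1.2 only ECDHE + AEAD suites.
    TLS 1.3 suites are managed separately by OpenSSL and are all AEAD already."""
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def make_mtls_server_context(cert_file=None, key_file=None, client_ca_file=None):
    """Server side of mTLS. Paths are hypothetical; in production all three are required."""
    ctx = harden(ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER))
    # This one setting turns TLS into mTLS: the server sends CertificateRequest and aborts
    # the handshake if the client presents no certificate, or one not chaining to the CA below.
    ctx.verify_mode = ssl.CERT_REQUIRED
    if client_ca_file:
        ctx.load_verify_locations(cafile=client_ca_file)   # only the internal CA that issues client certs
    if cert_file:
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


def make_mtls_client_context(server_ca_file=None, cert_file=None, key_file=None):
    """Client side: validate the server as usual (hostname + chain) and present our own certificate."""
    ctx = harden(ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=server_ca_file))
    if cert_file:
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


def describe(ctx):
    """Plain-data summary of the security-relevant settings, for tests and configuration audits."""
    names = [c["name"] for c in ctx.get_ciphers()]
    return {
        "min_version": ctx.minimum_version.name,
        "peer_cert_required": ctx.verify_mode == ssl.CERT_REQUIRED,
        "hostname_checked": ctx.check_hostname,
        "weak_ciphers": [n for n in names if any(m in n.upper() for m in WEAK_MARKERS)],
        "cipher_count": len(names),
    }


def peer_identity(sock):
    """After the handshake the verified client certificate is available for authorization
    (e.g. mapping a SAN to a service identity): mTLS authenticates, it does not authorize."""
    cert = sock.getpeercert()
    return cert.get("subject"), cert.get("subjectAltName")


if __name__ == "__main__":
    print(describe(make_mtls_server_context()))
    print(describe(make_mtls_client_context()))
```

The "Management" row is visible here too: the client now needs its own certificate and key, and the server needs the CA that issued them, so the service mesh products named in the table exist largely to automate exactly that issuance and rotation.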
In closing: TLS = Encryption + Authentication + Integrity
- Versions: TLS 1.2 (current standard), TLS 1.3 (recommended — 1-RTT, ECDHE mandatory, 5 strong ciphers only)
- Certificate Chain: Root CA (trust store) → Intermediate CA → End-entity (server cert) — the chain must be complete
- Handshake: TLS 1.2 = 2-RTT, TLS 1.3 = 1-RTT + 0-RTT resumption — faster and more secure
- HSTS: force HTTPS always, preload list, prevent SSL stripping — a must-have for every HTTPS site
- Certificate Pinning: pin a specific cert/key — protects against a rogue CA (mostly mobile apps now)
- mTLS: mutual authentication — both client and server present certs — service mesh, Zero Trust, IoT
- Key takeaway: TLS 1.3 + HSTS preload + certificate automation (Let’s Encrypt/ACME) = modern TLS best practice
Read more about Network Security Architecture: Defense in Depth and Wireless Security: WPA3, 802.1X and RADIUS at siamlancard.com, or from icafeforex.com and siam2r.com.