The document discusses HTTP and protocols related to transporting data over the internet. It describes the layered model including the physical, network, transport, and application layers. It then focuses on protocols like HTTP/1, SPDY, HTTP/2 and QUIC that operate at the application layer, with the goal of improving performance by reducing latency through techniques like header compression, multiplexing, and avoiding head-of-line blocking. It also discusses how QUIC aims to solve issues with TCP by operating over UDP while providing encryption, reliability and other features normally provided by TCP.
Talk about HTTP/2, how it has been deployed, did it meet its promises and how QUIC is going to attempt to fix some of the remaining issues. Held in FOSDEM at Febyrar 2017.
In episode 1 of our 2 part webinar series, Cumulus Networks Chief Scientist Dinesh Dutt walks our audience through the drivers behind the industry movement towards web-scale networking. We then go into the fundamentals of network automation and best practices for using tools like Puppet, Chef, Ansible and more to simplify network automation.
OverTheBox is a solution which combines up to 4 Internet connections. You can connect it to any operator using only one RJ45 port. Find out how!
1. Introduction to OverTheBox
2. Part I - What it is
3. OVH launches the OverTheBox
4. Schematics : Aggregation
5. Schematics : Load Balancing
6. Schematics : Active Fail-Over
7. Technical specifications
8. Part II - Why did we do it ?
9. The choice is a luxury
10. Do you mix ?
11. The different combinations
12. Part III - How does it works ?
13. Implementation, and end-to-end schematics 14. The box is equipped with 1 RJ45 1Gbps port 15. You can connect up to 4 modems 16. The OverTheBox’s DHCP is in control 17. Wifi is managed by the modems
18. Part IV - Our recipe
19. The technologies we used
20. Infrastructure details
21. Part V - Quick start
22. Before starting
23. Subscription & first WAN
24. The funnel of activation
25. Service subscription and activation
26. Subscription
27. Running
28. Adding another WAN
29. Everything is green ? All is OK
30. Test the aggregate and the fail-over
31. Part VI - Go further
32. Onboarding center
33. GitHub
34. Thank you
Webinar NETGEAR Prosafe Switch, la sicurezza della LANNetgear Italia
Introduzione alle funzionalità di sicurezza offerta dalle famiglie di switch gestiti di NETGEAR, SMART e FULL MANAGED, per proteggere la tua rete LAN: Protected Ports, Port Security, DHCP Snooping, 802.1x .....
Talk about HTTP/2, how it has been deployed, did it meet its promises and how QUIC is going to attempt to fix some of the remaining issues. Held in FOSDEM at Febyrar 2017.
In episode 1 of our 2 part webinar series, Cumulus Networks Chief Scientist Dinesh Dutt walks our audience through the drivers behind the industry movement towards web-scale networking. We then go into the fundamentals of network automation and best practices for using tools like Puppet, Chef, Ansible and more to simplify network automation.
OverTheBox is a solution which combines up to 4 Internet connections. You can connect it to any operator using only one RJ45 port. Find out how!
1. Introduction to OverTheBox
2. Part I - What it is
3. OVH launches the OverTheBox
4. Schematics : Aggregation
5. Schematics : Load Balancing
6. Schematics : Active Fail-Over
7. Technical specifications
8. Part II - Why did we do it ?
9. The choice is a luxury
10. Do you mix ?
11. The different combinations
12. Part III - How does it works ?
13. Implementation, and end-to-end schematics 14. The box is equipped with 1 RJ45 1Gbps port 15. You can connect up to 4 modems 16. The OverTheBox’s DHCP is in control 17. Wifi is managed by the modems
18. Part IV - Our recipe
19. The technologies we used
20. Infrastructure details
21. Part V - Quick start
22. Before starting
23. Subscription & first WAN
24. The funnel of activation
25. Service subscription and activation
26. Subscription
27. Running
28. Adding another WAN
29. Everything is green ? All is OK
30. Test the aggregate and the fail-over
31. Part VI - Go further
32. Onboarding center
33. GitHub
34. Thank you
Webinar NETGEAR Prosafe Switch, la sicurezza della LANNetgear Italia
Introduzione alle funzionalità di sicurezza offerta dalle famiglie di switch gestiti di NETGEAR, SMART e FULL MANAGED, per proteggere la tua rete LAN: Protected Ports, Port Security, DHCP Snooping, 802.1x .....
HTTP/2 for Developers: How It Changes Developer's Life?
by Svetlin Nakov (SoftUni) - http://www.nakov.com
jProfessionals Conference - Sofia, 22-Nov-2015
Key new features in HTTP/2
- Multiplexing: multiple streams over a single connection
- Header compression: reuse headers from previous requests
- Sever push: multiple parallel responses for a single request
- Prioritization and flow control: resources have priorities
HTTP/2 (or “H2” as the cool kids call it) has been ratified for months, and browsers already support or have committed to supporting the protocol. Everything we hear tells us that the new version of HTTP will provide significant performance benefits while requiring little to no change to our applications—all the problems with HTTP/1.x have seemingly been addressed; we no longer need the “hacks” that enabled us to circumvent them; and the Internet is about to be a happy place at last.
But maybe we should put the pom-poms down for a minute. Deploying HTTP/2 may not be as easy as it seems since the protocol brings with it new complications and issues. Likewise, the new features the spec introduces may not work as seamlessly as we hope. Hooman Beheshti examines HTTP/2’s core features and how they relate to real-world conditions, discussing the positives, negatives, new caveats, and practical considerations for deploying HTTP/2.
Topics include:
The single-connection model and the impact of degraded network conditions on HTTP/2 versus HTTP/1
How server push interacts (or doesn’t) with modern browser caches
What HTTP/2’s flow control mechanism means for server-to-client communication
New considerations for deploying HPACK compression
Difficulties in troubleshooting HTTP/2 communications, new tools, and new ways to use old tools
A technical description of http2, including background of HTTP what's been problematic with it and how http2 and its features improves the web.
See the "http2 explained" document with the complete transcript and more: http://daniel.haxx.se/http2/
(Updated version to slides shown on April 13th, 2016)
HTTP/2 and QUICK protocols. Optimizing the Web stack for HTTP/2 erapeychevi
The new HTTP/2 protocol which is going to replace HTTP 1.1 was finished on February. Together with it, QUIC is being developed rapidly. Discover why are they so important for the Web and how will they influence the way we optimize the Web stack for the HTTP/2 era.
F5 Monitoring System (On Premise & Cloud Solution)Tolga Ercan
F5 Networks devices monitoring system. Can collect all metrics and can apply functions on them and correlate function applied values to pinpoint any problem in very fast without drill down deep.
Now we hear a word “DMVPN” more and more often, then what is “DMVPN” and what is the advantages DMVPN owning? Here we give a brief introduction of DMVPN.
Remote-access VPNs allow secure access to corporate resources by establishing an encrypted tunnel
across the Internet. The ubiquity of the Internet, combined with today's VPN technologies, allows
organizations to cost-effectively and securely extend the reach of their networks to anyone, anyplace,
anytime.
Learn about HTTP/2 and its relationship to HTTP 1.1 and SPDY. Understand core features and how they benefit security and browser efficiency. More that a "what's new" this talk will leave you with an understanding of why choices in HTTP/2 were made. You'll leave knowing what HTTP/2 is and why it is better for clients and servers.
Solving HTTP Problems with Code and ProtocolsC4Media
Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/2G8Jngj.
Natasha Rooney goes through the issues in HTTP, how HTTP2 was developed using Google’s SPDY experiment, and the impact of QUIC. Filmed at qconsf.com.
Natasha Rooney is a member of the W3C Advisory Board and the Stack Evolution Group at IETF. She works as a Engineering Director at GSMA.
HTTP/2 for Developers: How It Changes Developer's Life?
by Svetlin Nakov (SoftUni) - http://www.nakov.com
jProfessionals Conference - Sofia, 22-Nov-2015
Key new features in HTTP/2
- Multiplexing: multiple streams over a single connection
- Header compression: reuse headers from previous requests
- Sever push: multiple parallel responses for a single request
- Prioritization and flow control: resources have priorities
HTTP/2 (or “H2” as the cool kids call it) has been ratified for months, and browsers already support or have committed to supporting the protocol. Everything we hear tells us that the new version of HTTP will provide significant performance benefits while requiring little to no change to our applications—all the problems with HTTP/1.x have seemingly been addressed; we no longer need the “hacks” that enabled us to circumvent them; and the Internet is about to be a happy place at last.
But maybe we should put the pom-poms down for a minute. Deploying HTTP/2 may not be as easy as it seems since the protocol brings with it new complications and issues. Likewise, the new features the spec introduces may not work as seamlessly as we hope. Hooman Beheshti examines HTTP/2’s core features and how they relate to real-world conditions, discussing the positives, negatives, new caveats, and practical considerations for deploying HTTP/2.
Topics include:
The single-connection model and the impact of degraded network conditions on HTTP/2 versus HTTP/1
How server push interacts (or doesn’t) with modern browser caches
What HTTP/2’s flow control mechanism means for server-to-client communication
New considerations for deploying HPACK compression
Difficulties in troubleshooting HTTP/2 communications, new tools, and new ways to use old tools
A technical description of http2, including background of HTTP what's been problematic with it and how http2 and its features improves the web.
See the "http2 explained" document with the complete transcript and more: http://daniel.haxx.se/http2/
(Updated version to slides shown on April 13th, 2016)
HTTP/2 and QUICK protocols. Optimizing the Web stack for HTTP/2 erapeychevi
The new HTTP/2 protocol which is going to replace HTTP 1.1 was finished on February. Together with it, QUIC is being developed rapidly. Discover why are they so important for the Web and how will they influence the way we optimize the Web stack for the HTTP/2 era.
F5 Monitoring System (On Premise & Cloud Solution)Tolga Ercan
F5 Networks devices monitoring system. Can collect all metrics and can apply functions on them and correlate function applied values to pinpoint any problem in very fast without drill down deep.
Now we hear a word “DMVPN” more and more often, then what is “DMVPN” and what is the advantages DMVPN owning? Here we give a brief introduction of DMVPN.
Remote-access VPNs allow secure access to corporate resources by establishing an encrypted tunnel
across the Internet. The ubiquity of the Internet, combined with today's VPN technologies, allows
organizations to cost-effectively and securely extend the reach of their networks to anyone, anyplace,
anytime.
Learn about HTTP/2 and its relationship to HTTP 1.1 and SPDY. Understand core features and how they benefit security and browser efficiency. More that a "what's new" this talk will leave you with an understanding of why choices in HTTP/2 were made. You'll leave knowing what HTTP/2 is and why it is better for clients and servers.
Solving HTTP Problems with Code and ProtocolsC4Media
Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/2G8Jngj.
Natasha Rooney goes through the issues in HTTP, how HTTP2 was developed using Google’s SPDY experiment, and the impact of QUIC. Filmed at qconsf.com.
Natasha Rooney is a member of the W3C Advisory Board and the Stack Evolution Group at IETF. She works as a Engineering Director at GSMA.
Communication over the kinds of Data-Links used for unmanned vehicles presents important challenges dues to the low bandwidth, intermittent, and lower reliability of these links. Classic network protocols such as TCP do not operate well in this environment forcing application developers to implement their own reliability and session management. This presentation describes he issues and alternatives.
HTTP/3 over QUIC. All is new but still the same!Daniel Stenberg
HTTP/3 is the designated name for the coming next version of the protocol that is currently under development within the QUIC working group in the IETF. HTTP/3 is designed to improve in areas where HTTP/2 still has some shortcomings, primarily by changing the transport layer. HTTP/3 is the first major protocol to step away from TCP and instead it uses QUIC.
Daniel Stenberg does a presentation about HTTP/3 and QUIC. Why the new protocols are deemed necessary, how they work, how they change how things are sent over the network and what some of the coming deployment challenges will be.
If the number of spine switches were to be merely doubled, the effect of a single switch failure is halved. With 8 spine switches, the effect of a single switch failure only causes a 12% reduction in available bandwidth. So, in modern data centers, people build networks with anywhere from 4 to 32 spine switches. With a leaf-spine network, every server on the network is exactly the same distance away from all other servers – three port hops, to be precise. The benefit of this architecture is that you can just add more spines and leaves as you expand the cluster and you don't have to do any recabling. Intuition Systems will also get more predictable latency between the nodes.
As a trend, disaggregation seems to be most useful for very large companies like Facebook and Google, or cloud providers. The technology does not necessarily have significant implications for small or medium sized businesses. Historically, however, technology has a way of trickling down from the pioneering phases of existing only within large companies with tremendous resources, to becoming more standardized across the board.
Linux HTTPS/TCP/IP Stack for the Fast and Secure WebAll Things Open
Presented at All Things Open 2018
Presented by Alexander Krizhanovsky with Tempesta Technologies INC
10/23/18 - 2:00 PM - Networking/Infrastructure Track
Master Class : TCP/IP Mechanics from Scratch to ExpertAbhishek Sagar
This is Master Class course on TCP/IP protocol - Transmission Control Protocol. Since it is Master Class course, this course discusses the internal design and functioning of complex transport layer protocol - TCP.
Almost all traffic on internet today is transported by TCP protocol. TCP, as where it stands today, mature and solid, is the result of over 25 yrs of research by network gurus. TCP is complicated and difficult to understand, therefore i have paid utmost attention to present the concept in most simplest way as possible without any loss of information.
RFC 7540 was ratified over 2 years ago and, today, all major browsers, servers, and CDNs support the next generation of HTTP. Just over a year ago, at Velocity (https://www.slideshare.net/Fastly/http2-what-no-one-is-telling-you), we discussed the protocol, looked at some real world implications of its deployment and use, and what realistic expectations we should have from its use.
Now that adoption is ramped up and the protocol is being regularly used on the Internet, it's a good time to revisit the protocol and its deployment. Has it evolved? Have we learned anything? Are all the features providing the benefits we were expecting? What's next?
In this session, we'll review protocol basics and try to answer some of these questions based on real-world use of it. We'll dig into the core features like interaction with TCP, server push, priorities and dependencies, and HPACK. We'll look at these features through the lens of experience and see if good practice patterns have emerged. We'll also review available tools and discuss what protocol enhancements are in the near and not-so-near horizon.
Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL).
Similar to Solving HTTP Problems With Code and Protocols (20)
JQuery UK February 2015: Service Workers On VacayNatasha Rooney
Webapps are awesome, and travel is awesome, but the two together suck. Roaming, aeroplanes, bad connections and flakey wifi make native apps so much more attractive when travelling. The offline-capable gap between web native needs to be quashed, and Service Worker is coming to do the quashing! This talk will go through the simple use case of creating an offline-capable webapp using caching in ServiceWorker, complete with pulling in data and retaining data for offline view.
Making it Work Offline: Current & Future Offline APIs for Web AppsNatasha Rooney
We go through the current APIs for creating offline capable web apps such as LocalStorage, App Cache and a bit of IndexedDB. We also take a look at the work going behind the new solution "ServiceWorker" and how it may change the game.
Demo to support the presentation is here: https://github.com/nrooney/offlineanime
Updates on Offline: “My AppCache won’t come back” and “ServiceWorker Tricks ...Natasha Rooney
My slides from my talk "Updates on Offline: “My AppCache won’t come back” and “ServiceWorker Tricks for Cache”" from Over the Air 2013 held in September in Bletchley Park. We had a good run-through of offline APIs in web, the mysteries of App Cache, and updates on the current status of ServiceWorker.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
2. @thisNatasha
7. Application Data HTTP /
IMAP
6. Data Presentation,
Encryption
SSL / TLS
5. Session and connection
management
-
4. Transport of packets and
streams
TCP / UDP
3. Routing and delivery of
datagrams on the Network
IP / IPSec
2. Local Data Connection Ethernet
1. Physical data connection
(cables)
CAT5
HTTP
TLS
TCP
IP
Web
74. @thisNatasha
“A "stream" is an independent,
bidirectional sequence of frames
exchanged between the client and server
within an HTTP/2 connection…
A single HTTP/2 connection can contain
multiple concurrently open streams…”
Hypertext Transfer Protocol Version 2 (HTTP/2), RFC7540
89. @thisNatasha
7. Application Data HTTP /
IMAP
6. Data Presentation,
Encryption
SSL / TLS
5. Session and connection
management
-
4. Transport of packets and
streams
TCP / UDP
3. Routing and delivery of
datagrams on the Network
IP / IPSec
2. Local Data Connection Ethernet
1. Physical data connection
(cables)
CAT5
HTTP
TLS
TCP
IP
Web
100. @thisNatasha
7. Application Data HTTP /
IMAP
6. Data Presentation,
Encryption
SSL / TLS
5. Session and connection
management
-
4. Transport of packets and
streams
TCP / UDP
3. Routing and delivery of
datagrams on the Network
IP / IPSec
2. Local Data Connection Ethernet
1. Physical data connection
(cables)
CAT5
OSI Model
101. @thisNatasha
Handshake Flow
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Key Exchange
Authentication Algorithm Strength Mode
Cipher MAC or PRF
TLS/HandshakeCheatSheet Key Exchange Method: creates the pre master secret.
Premaster secret is combined with PRF to create master
secret
RSA, DHE_RSA,
ECDHE_RSA,
ECDHE_ECDSA
Authentication Method: Uses public key crypto and
certificates public key together. Once certificate is
validated the client can used public key.
RSA or ECDSA
Certs: X.509, ASN.1
DER encoding.
Server
Hello,
Certificate
- Server selects cipher & compression
method
- Server send certificate
- Client authenticates
Key Exchange Pre-master secret exchanged between
client & server, client validates certificate
Master
Secret
Client & Server can compute Master Secret.
MAC Server verifies MAC, returns to client to
verify also.
Finished Handshake complete.
Client Hello Client sends TLS Version, Ciphersuites,
Compression methods
Ciphers, Standards and Terms
Encryption
3DES, AES, ARIA,
CAMELLIA, RC4, and
SEED
[1] Steam: adds MAC [2]
Block: adds IV and
padding after encryption
[3] Encryption (AEAD):
encryption and integrity
validation, using nonce,
no padding, no IV.
Master Secret
Pre-master secret:
combines params to
help client and server
create master secret.
Master Secret: both
server and client create
this from pre-master
secret to symmetrically
encrypt
Integrity Validation
PRF: Pseudorandom
Function. Takes a
secret, a seed, and a
unique label. TLS1.2
suites use PRF based
on HMAC and SHA256
MAC: used for integrity
validation in handshake
and record.