Internet connection status validating identity


And if your eyes glaze over when people start talking about SSL, security and certificates - start glazing now. The RFC hyperlinks in the page below link to a plain text version which was copied to our site when the RFC was issued. We started doing this a long, long time ago when RFCs were maintained in some strange places, occasionally moved location, and performance and reliability of the repositories was very variable (being generous). The IETF, like IANA, have solid web sites with excellent performance and continually improving features. Nevertheless, we persist in our ingrained habit for no particularly good reason (old dog..tricks..).


In addition, RFC 3546 defines a number of extensions for when TLS is used in bandwidth constrained systems such as wireless networks; RFC 6066 defines a number of TLS extensions carried in an extended client hello format (introduced with TLS 1.2); and RFC 6961 defines a method for reducing traffic when a client requests the server to supply certificate status information.

And RFC 7935 now defines what happens to TLS (and DTLS) when used in the IoT (Internet of Things or Thingies as we, in our iconoclastic way, prefer).

TLS/SSL runs on top of TCP but below the end user protocol that it secures, such as HTTP or IMAP, as shown in Figure 1. TLS/SSL does not have a well-known port number. Instead, when it is used with a higher layer protocol such as HTTP, that protocol designates a secure variant (HTTPS in the case of HTTP), which does have a well-known (or default) port number.

The designation HTTPS simply indicates that normal HTTP is being run on top of a TLS/SSL connection, which runs over TCP.
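The layering described above can be observed without any network, as an added example that is not part of the original page: Python's `ssl.MemoryBIO` stands in for the TCP connection, and the first bytes the TLS layer hands down are a handshake record (the client hello), not HTTP. The hostname `www.example.test` is a constructed placeholder and is never contacted.

```python
import ssl

HOST = "www.example.test"  # constructed hostname, never contacted


def first_tls_flight(hostname=HOST):
    """Return the bytes the TLS layer would pass down to TCP to open a session."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # certificate and hostname checks on
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()  # stand-ins for the TCP stream
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client hello is queued, TLS now waits for the server
    return outgoing.read()


def parse_record_header(data):
    """Decode the 5-byte TLS record header and the handshake message type."""
    if len(data) < 6:
        raise ValueError("too short to be a TLS handshake record")
    return {
        "content_type": data[0],            # 22 = handshake
        "version": (data[1], data[2]),      # legacy record version, major is 3
        "length": int.from_bytes(data[3:5], "big"),
        "handshake_type": data[5],          # 1 = client hello
    }


def hostname_in_hello(data, hostname=HOST):
    """The server name travels in a client hello extension, so it is visible here."""
    return hostname.encode("ascii") in data


def http_request(hostname=HOST):
    """The application-layer bytes that are only sent once the handshake is done."""
    return f"GET / HTTP/1.1\r\nHost: {hostname}\r\nConnection: close\r\n\r\n".encode()


if __name__ == "__main__":
    flight = first_tls_flight()
    print(parse_record_header(flight))
    print("hostname visible in client hello:", hostname_in_hello(flight))
    print("HTTP request present on the wire:", http_request() in flight)
```
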

You can either buy an SSL (X.509) certificate or generate your own (a self-signed certificate) for testing or, depending on the application, even in a production environment.