
The Illustrated TLS Connection - thamizhan2611
https://tls.ulfheim.net/
======
gwittel
It’s a lovely guide. Saves a lot of time vs reading the RFCs when you just
want to debug a session state flow/log/packet capture.

The one thing I wish it had was better tracing of branch points like session
resumption. It would make walking session state logs simpler.

I ran into this while trying to figure out if the open source Kubernetes nginx
ingress supported session resumption on the upstream side (it doesn’t; a
deficiency in the lua balancer). While the diversion into nginx source and
other sundries was nice, I could have saved that time :)

------
kuharich
Prior comments:
[https://news.ycombinator.com/item?id=18200749](https://news.ycombinator.com/item?id=18200749)

------
cordite
That was absolutely fantastic.

It’d be a pleasure to see a version for 1.3, but not all maintained SSL
libraries implement it yet.
[https://github.com/ARMmbed/mbedtls/issues/508](https://github.com/ARMmbed/mbedtls/issues/508)
mbedTLS, for example, appears not to have it landed. This is one library
often used in IoT environments.

~~~
toast0
> It’d be a pleasure to see a version for 1.3

[https://tls13.ulfheim.net/](https://tls13.ulfheim.net/) (linked at the
bottom)

~~~
cordite
Thanks! I totally missed it.

I find it silly how many places legacy versions are hard-coded for
compatibility.

~~~
toast0
As I recall, this came out right on the cusp of TLS 1.3, so TLS 1.2 was what
was currently deployed. Timing was awful for me, because I was working on a
TLS 1.3 project, and this would have been super useful, but wasn't yet
available.

------
mlk
One including mutual authentication would be appreciated.

