Demystifying TLS/SSL: The Backbone of Secure Communication


In today's hyper-connected digital world, security is everything. Whether you're deploying a Kubernetes cluster, building a web app, or simply browsing online, chances are you're relying on TLS (Transport Layer Security) — the modern encryption protocol that keeps data private and safe in transit.
Let’s break down what TLS/SSL is, why it’s essential, and how to use it — with examples for both Nginx and Kubernetes.
🌐 What Is TLS/SSL?
TLS (Transport Layer Security) and its older predecessor SSL (Secure Sockets Layer) are encryption protocols designed to secure communication between clients (like browsers) and servers. They ensure:
Privacy: Data is encrypted in transit between the client and the server.
Integrity: Information can’t be tampered with mid-flight.
Authentication: You’re really talking to the right server.
Fun fact: Although SSL is a familiar term, it’s no longer used. TLS has replaced SSL in almost all modern systems.
🆚 TLS vs. SSL — What's the Difference?
| Feature | SSL (Deprecated) | TLS (Used Today) |
| --- | --- | --- |
| Status | Deprecated (SSL 2.0/3.0) | Active (TLS 1.2/1.3) |
| Security | Vulnerable | Strong, efficient |
| Speed | Slower | Faster |
| Industry Usage | Legacy only | Default for HTTPS, APIs, VPNs |
Bottom line: TLS 1.2 and 1.3 are the standards you should be using.
🔄 Where Is TLS Used?
TLS is core to networking, but it’s useful in many areas:
HTTPS websites: TLS encrypts data between your browser and the site.
Kubernetes Ingress: TLS secures traffic entering the cluster.
APIs and microservices: Keeps backend-to-backend communication safe.
VPNs and email protocols: Protects sensitive traffic across networks.
DevOps pipelines: Often used with CI/CD secrets, keys, and certificates.
🛠️ How to Use TLS — Practical Examples
✳️ Example 1: TLS in Nginx
To enable TLS in Nginx, add this to your config:
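```nginx
server {
    listen 443 ssl;
    server_name example.com;

    # Certificate (public) and its private key
    ssl_certificate     /etc/ssl/certs/example.crt;
    ssl_certificate_key /etc/ssl/private/example.key;

    # Allow only TLS 1.2 and 1.3
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers   HIGH:!aNULL:!MD5;

    location / {
        # TLS terminates at Nginx; the hop to the local backend is plain HTTP
        proxy_pass http://localhost:3000;
    }
}
```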
This listens on port 443 and secures connections using a certificate and private key.
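An added example (not from the original article): a small Python check that applies the "TLS 1.2 and 1.3 only" rule to Nginx server blocks like the one above, flagging deprecated `ssl_protocols` values and missing certificate or key directives. The function names and the legacy sample config are constructed for illustration, and the parser assumes simple configs (no `include` files, no `#` inside values).

```python
import re
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # ssl_protocols values older than TLS 1.2

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, matching braces."""
    text = re.sub(r"#[^\n]*", "", conf)  # strip comments (assumes no '#' in values)
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def directives(block):
    """Map directive name -> list of argument lists for one server block."""
    flat, prev = block, None
    while flat != prev:  # collapse nested blocks such as `location / { ... }`
        prev, flat = flat, re.sub(r"\{[^{}]*\}", ";", flat)
    out = {}
    for stmt in flat.split(";"):
        parts = stmt.split()
        if parts:
            out.setdefault(parts[0], []).append(parts[1:])
    return out

def audit(conf):
    """Return (server_index, finding) tuples for each TLS listener in conf."""
    findings = []
    for n, block in enumerate(server_blocks(conf), 1):
        d = directives(block)
        if not any("ssl" in args for args in d.get("listen", [])):
            continue  # plain-HTTP server block, nothing to check
        protos = {p for args in d.get("ssl_protocols", []) for p in args}
        if not protos:
            findings.append((n, "ssl_protocols unset: inherited or built-in default applies"))
        findings += [(n, f"deprecated protocol enabled: {p}") for p in sorted(protos & DEPRECATED)]
        findings += [(n, f"missing {k}") for k in ("ssl_certificate", "ssl_certificate_key") if k not in d]
    return findings

# The article's Example 1 config, then a constructed legacy config for comparison.
PAGE_CONF = """server { listen 443 ssl; server_name example.com;
  ssl_certificate /etc/ssl/certs/example.crt; ssl_certificate_key /etc/ssl/private/example.key;
  ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; location / { proxy_pass http://localhost:3000; } }"""
LEGACY_CONF = """server { listen 80; server_name example.com; }
server { listen 443 ssl;  # constructed legacy sample
  ssl_certificate /etc/ssl/certs/example.crt; ssl_protocols SSLv3 TLSv1 TLSv1.2; }"""
if __name__ == "__main__":
    print("page:", audit(PAGE_CONF) or "ok", "| legacy:", audit(LEGACY_CONF))
```

The article's config produces no findings; the legacy sample is flagged for SSLv3, TLSv1 and the missing `ssl_certificate_key`.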
✳️ Example 2: TLS in Kubernetes Ingress
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: secure-ingress
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  tls:
    - hosts:
        - example.com
      secretName: tls-secret
  rules:
    - host: example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-service
                port:
                  number: 80
```
Then create the TLS secret:
```bash
kubectl create secret tls tls-secret \
  --cert=example.crt \
  --key=example.key
```
🔐 How to Get SSL/TLS Certificates
🧪 For Testing (Self-Signed)
You can use OpenSSL to generate your own certificate and key:
```bash
# 1. Generate a private key
openssl genrsa -out example.key 2048

# 2. Create a certificate signing request (CSR)
openssl req -new -key example.key -out example.csr

# 3. Generate a self-signed certificate
openssl x509 -req -days 365 -in example.csr -signkey example.key -out example.crt
```
📁 Resulting Files
example.key: Your private key
example.crt: Your self-signed certificate
Place them at the paths your Nginx config references:
```nginx
ssl_certificate /etc/ssl/certs/example.crt;
ssl_certificate_key /etc/ssl/private/example.key;
```
🏢 For Production (CA-Signed)
Generate a private key and CSR:
```bash
openssl genrsa -out example.key 2048
openssl req -new -key example.key -out example.csr
```
Submit your CSR to a Certificate Authority (CA).
Use providers like Let's Encrypt (free), DigiCert, GoDaddy, etc.
They’ll validate your domain and issue a .crt file.
Install the certificate and key on your server.
Save the .crt and .key files to appropriate paths.
Update your server config (e.g., Nginx or Apache) to use them.
🧪 Bonus: Quick Self-Signed with One Command
```bash
openssl req -x509 -newkey rsa:2048 -keyout example.key -out example.crt -days 365 -nodes
```
This skips the CSR step and creates both files in one go.
🧭 TLS Handshake in Action
When a user connects:
The server shares its TLS certificate.
The client verifies it (via CA).
Both sides negotiate encryption keys.
Secure session begins — all data is now encrypted.
🧠 Final Thoughts
TLS is no longer just a nice-to-have — it’s a must. Whether you're working with Nginx, Kubernetes Ingress, or secure internal APIs, TLS protects your users, systems, and infrastructure.
SSL might still be a familiar term, but today’s security demands are met with TLS 1.2 or 1.3, and thankfully, modern tooling makes configuration easier than ever.
Written by

Jasai Hansda