1
  • Are digital certificates part of TLS protocol implementation?
  • Is the padlock green icon on my browser has to do with TLS use or digital certificates?
  • If I use a service like Let's Encrypt to issue a certificate for my web server, how can I determine the TLS version used?

Thank you

elli
  • 329
  • 2
  • 10

1 Answers1

4

Are digital certificates part of TLS protocol implementation?

Certificates are used for authentication inside TLS but they are by themselves not part of the protocol specification. Certificates are a concept not an implementation so they are not part of the protocol implementation either, although using certificates for authentication is part of the protocol implementation.

Is the padlock green icon on my browser has to do with TLS use or digital certificates?

Both. It signals a successful TLS connection against a trusted site where the trust comes from the certificate. Note that this trust does not mean that the site is secure by itself or that it will not harm you, it only says that the browser connected to a site which provides a certificate matching the URL, i.e. the expected site and not some man in the middle.

If I use a service like Let's Encrypt to issue a certificate for my web server, how can I determine the TLS version used?

The used TLS protocol version is independent of the certificate.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
  • Thank you so much. Is it up to me to determine the TLS protocol version? – elli Jun 07 '17 at 18:55
  • 1
    @elenaa: The use TLS version is determined during the TLS handshake and depends on the capabilities of both client and server. I really recommend that you study [How does SSL/TLS work?](https://security.stackexchange.com/questions/20803/how-does-ssl-tls-work). – Steffen Ullrich Jun 07 '17 at 18:57