Mutual TLS (mTLS) – when TLS is not enough
Even if you are not familiar and don’t know how the Transport Layer Security (TLS) works you are most probably using it every day when you are using your web browser to access a secure site (https://somesite.com). After SSL as standard we got TLS as its successor, it’s a widely accepted standard and TLS quarantees the identity of the server to the client and provides a two-way encrypted channel.
There are cases when confirming the identity of the server is not enough but we want to know the identity of the client (web hook application can be a great example for this) we can use Mutual TLS. So l’m going through the concepts of the both protocols and share some useful links on how can you use mTLS within ASP.NET Core applications.
As I mentioned above, repetitio est mater studiorum ,Transport Layer Security (TLS) is a great standard to have a guarantee of the server identity and to provide a secure two-way encrypted channel between the client and the server. Through the use of asymmetric cryptography it ensures protection against MITM (man in the middle) attacks. I will briefly describe how the TLS protocol works so it will be more clear what is happening in the background when we are visiting “https web sites”.
