KomuraSoft LLC
TLS101

Understand TLS/HTTPS with Diagrams and Exercises

"A certificate error appeared, and I can't tell whether it's safe to ignore." "Can I really tell a customer that the padlock means the site is safe?" — We use HTTPS every day, yet what happens inside is surprisingly hard to explain. Instead of memorizing TLS, this course aims to let you follow what happens behind the padlock through three questions: is the peer genuine, is the content secret, and has it been tampered with. You grasp the big picture with diagrams, then check yourself with short exercises and hand calculations placed right after each section.

Diagrams → tools → hand calc → openssl 42 questions Graded in-browser Saved to localStorage
Time
3–4 hours
Questions
42 total
Format
7 chapters + quizzes + simulator
Cost
Free
Overview diagram mapping the three threats — eavesdropping, tampering, impersonation — to the three guarantees: confidentiality, integrity, authenticity

TLS is not a single piece of magic but a combination of tools, each answering a different threat. Keep this mapping in mind and every later chapter becomes easier to read. (Diagrams are shared with the Japanese course.)

What makes this course different

Quizzes right below the text
You answer 1–3 questions immediately after each section, so it is hard to move on while only "sort of" understanding.
Hand calculations touch the core
You compute a real Diffie–Hellman key agreement with small primes and verify for yourself why an eavesdropper learns nothing.
A key-agreement simulator
In Chapter 3 you can drag the secret values and watch how the public values and the shared secret respond.
Graded in-browser, no sign-up
All 42 questions are graded inside your browser and results are stored only in your browser's localStorage. Nothing is sent to a server.

The three questions that run through this course

Whenever you look at an HTTPS connection or a certificate error, this course returns to the same three questions. As the chapters progress, you gain one tool after another for answering them.

1. Is the peer genuine?
Authenticity — is the party you are talking to really the owner of that domain? Answered by certificates and PKI. (Chapter 4)
2. Is the content secret?
Confidentiality — can a third party on the path read it? Answered by key agreement and symmetric encryption. (Chapters 2–3)
3. Has it been tampered with?
Integrity — was the content modified in transit? Answered by hashes and authenticated encryption. (Chapters 2 and 5)

The course motto: when you see a padlock or a certificate error, don't stop there — ask: what is missing right now — the peer check, the secrecy, or the tamper detection?

Chapters

How to take this course

  1. Go in the order text → the quiz right below it. Answering immediately after reading beats saving questions for later.
  2. Don't do the Chapter 3 calculations in your head — write out the powers and the mod steps on paper. The feel of "what the eavesdropper sees and cannot see" comes through your hands.
  3. Try the Chapter 3 simulator both before and after the quiz. The numbers turn into intuition.
  4. If a Chapter 7 case stumps you, go back to the matching chapter for a quick review. No need to redo everything.

Prerequisites

  • Having used websites or apps is enough. Server-operations experience is not required.
  • If you can compute powers (23 = 8) and remainders, you can handle the hand calculations in Chapter 3.
  • No deep cryptography theory. We stay at the level of "what problem does this tool solve" and never enter the mathematics of RSA or elliptic curves.