Rebuilding TLS, Part 1 — A Fake Secure Channel

A year ago I wrote a series about how a web server works. I started from a very primitive version and step by step moved toward the same core ideas modern production servers rely on. When I finished that series, I thought the next step would be small. Wrap it in TLS. Make the communication secure. It did not stay small for long. What looked like a thin security layer on top of an existing server turned into a much deeper journey into cryptography, authentication, trust, certificates, protocol design, and many details usually hidden behind one familiar phrase: secure connection . So this series is my attempt to approach TLS the same way I approached the web server: not as a finished black box, but as something we can rebuild from simpler pieces until its shape starts to make sense. In this first part, we will start with the most naive version of the problem. We will build a very simple socket-based communication channel, see that it is fully transparent, wrap it in encryption with a sha