{"id":15116,"date":"2025-12-18T10:22:11","date_gmt":"2025-12-18T07:22:11","guid":{"rendered":"https:\/\/www.ihs.com.tr\/blog\/?p=15116"},"modified":"2025-12-18T10:25:39","modified_gmt":"2025-12-18T07:25:39","slug":"ssl-tls-handshake-nedir-ve-nasil-calisir","status":"publish","type":"post","link":"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/","title":{"rendered":"SSL\/TLS &#8220;Handshake&#8221; Nedir ve Nas\u0131l \u00c7al\u0131\u015f\u0131r?"},"content":{"rendered":"<p>\u0130nternet \u00fczerinde her g\u00fcn milyarlarca veri al\u0131\u015fveri\u015fi ger\u00e7ekle\u015fir. \u00c7evrimi\u00e7i al\u0131\u015fveri\u015f yaparken kredi kart\u0131 bilgilerinizi girmekten, sosyal medya hesab\u0131n\u0131za giri\u015f yapmaya kadar t\u00fcm bu i\u015flemler, verilerinizin g\u00fcvenli bir \u015fekilde iletilmesini gerektirir. \u0130\u015fte bu g\u00fcvenli ileti\u015fimin temel ta\u015f\u0131, SSL\/TLS &#8220;handshake&#8221; olarak bilinen dijital el s\u0131k\u0131\u015fma s\u00fcrecidir. Bu s\u00fcre\u00e7, taray\u0131c\u0131n\u0131z ile ba\u011fland\u0131\u011f\u0131n\u0131z web sunucusu aras\u0131nda g\u00fcvenli, \u015fifreli bir ileti\u015fim kanal\u0131 kurarak hassas bilgilerinizin \u00fc\u00e7\u00fcnc\u00fc \u015fah\u0131slar\u0131n eline ge\u00e7mesini engeller. Bu makalede, SSL\/TLS handshake&#8217;in ne oldu\u011funu, neden bu kadar \u00f6nemli oldu\u011funu ve bu karma\u015f\u0131k s\u00fcrecin perde arkas\u0131nda nas\u0131l \u00e7al\u0131\u015ft\u0131\u011f\u0131n\u0131 ad\u0131m ad\u0131m inceleyece\u011fiz.<\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_77 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">\u0130\u00e7erik Tablosu<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-69fea5940499a\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\" id=\"ez-toc-cssicon-toggle-item-69fea5940499a\" aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#SSLTLS-ve-Internet-Guvenligine-Giris\" >SSL\/TLS ve \u0130nternet G\u00fcvenli\u011fine Giri\u015f<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#SSLTLS-Protokolu-Nedir\" >SSL\/TLS Protokol\u00fc Nedir?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#Guvenli-Bir-Baglanti-Neden-Onemlidir\" >G\u00fcvenli Bir Ba\u011flant\u0131 Neden \u00d6nemlidir?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#%E2%80%9CHandshake%E2%80%9D-El-Sikisma-Kavraminin-Anlami-ve-Rolu\" >&#8220;Handshake&#8221; (El S\u0131k\u0131\u015fma) Kavram\u0131n\u0131n Anlam\u0131 ve Rol\u00fc<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#SSLTLS-Handshakein-Temel-Amaclari\" >SSL\/TLS Handshake&#8217;in Temel Ama\u00e7lar\u0131<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#Sunucu-Kimliginin-Dogrulanmasi-Authentication\" >Sunucu Kimli\u011finin Do\u011frulanmas\u0131 (Authentication)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#Sifreleme-Parametreleri-Uzerinde-Anlasma-Negotiation\" >\u015eifreleme Parametreleri \u00dczerinde Anla\u015fma (Negotiation)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#Guvenli-Bir-Oturum-Anahtari-Olusturulmasi-Key-Exchange\" >G\u00fcvenli Bir Oturum Anahtar\u0131 Olu\u015fturulmas\u0131 (Key Exchange)<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#Adim-Adim-Klasik-Handshake-Sureci-TLS-12-ve-Oncesi\" >Ad\u0131m Ad\u0131m Klasik Handshake S\u00fcreci (TLS 1.2 ve \u00d6ncesi)<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#Adim-1-Client-Hello-Istemci-Merhaba-Mesaji\" >Ad\u0131m 1: Client Hello (\u0130stemci Merhaba Mesaj\u0131)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#Adim-2-Server-Hello-Sunucu-Merhaba-Mesaji\" >Ad\u0131m 2: Server Hello (Sunucu Merhaba Mesaj\u0131)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#Adim-3-Certificate-Sunucu-Sertifikasinin-Gonderilmesi\" >Ad\u0131m 3: Certificate (Sunucu Sertifikas\u0131n\u0131n G\u00f6nderilmesi)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#Adim-4-Server-Key-Exchange-Sunucu-Anahtar-Degisimi\" >Ad\u0131m 4: Server Key Exchange (Sunucu Anahtar De\u011fi\u015fimi)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#Adim-5-Server-Hello-Done-Sunucu-Merhaba-Islemi-Tamamlandi\" >Ad\u0131m 5: Server Hello Done (Sunucu Merhaba \u0130\u015flemi Tamamland\u0131)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#Adim-6-Client-Key-Exchange-Istemci-Anahtar-Degisimi\" >Ad\u0131m 6: Client Key Exchange (\u0130stemci Anahtar De\u011fi\u015fimi)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#Adim-7-Change-Cipher-Spec-Sifreleme-Ozelliklerini-Degistir\" >Ad\u0131m 7: Change Cipher Spec (\u015eifreleme \u00d6zelliklerini De\u011fi\u015ftir)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#Adim-8-Finished-El-Sikisma-Tamamlandi\" >Ad\u0131m 8: Finished (El S\u0131k\u0131\u015fma Tamamland\u0131)<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#Handshake-Surecinin-Kriptografik-Bilesenleri\" >Handshake S\u00fcrecinin Kriptografik Bile\u015fenleri<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-19\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#Asimetrik-Sifreleme-Acik-ve-Ozel-Anahtar\" >Asimetrik \u015eifreleme (A\u00e7\u0131k ve \u00d6zel Anahtar)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-20\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#Simetrik-Sifreleme-Oturum-Anahtari\" >Simetrik \u015eifreleme (Oturum Anahtar\u0131)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-21\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#SSLTLS-Sertifikasi-ve-Sertifika-Otoritesi-CA\" >SSL\/TLS Sertifikas\u0131 ve Sertifika Otoritesi (CA)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-22\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#Cipher-Suite-Sifreleme-Paketi-Nedir-ve-Nasil-Secilir\" >Cipher Suite (\u015eifreleme Paketi) Nedir ve Nas\u0131l Se\u00e7ilir?<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-23\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#Modern-Handshake-TLS-13-ile-Gelen-Degisiklikler-ve-Avantajlar\" >Modern Handshake: TLS 1.3 ile Gelen De\u011fi\u015fiklikler ve Avantajlar<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-24\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#Hiz-ve-Performans-Azaltilmis-Gidis-Donus-Suresi-Round-Trip-Time\" >H\u0131z ve Performans: Azalt\u0131lm\u0131\u015f Gidi\u015f-D\u00f6n\u00fc\u015f S\u00fcresi (Round Trip Time)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-25\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#Gelismis-Guvenlik-Zayif-Kriptografik-Algoritmalarin-Kaldirilmasi\" >Geli\u015fmi\u015f G\u00fcvenlik: Zay\u0131f Kriptografik Algoritmalar\u0131n Kald\u0131r\u0131lmas\u0131<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-26\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#TLS-12-ve-TLS-13-Handshake-Surecleri-Arasindaki-Temel-Farklar\" >TLS 1.2 ve TLS 1.3 Handshake S\u00fcre\u00e7leri Aras\u0131ndaki Temel Farklar<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-27\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#SSL-ve-TLS-Arasindaki-Farklar\" >SSL ve TLS Aras\u0131ndaki Farklar<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-28\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#Tarihsel-Gelisim-SSLden-TLSe-Evrim\" >Tarihsel Geli\u015fim: SSL&#8217;den TLS&#8217;e Evrim<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-29\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#Guvenlik-Aciklari-ve-Versiyonlarin-Onemi\" >G\u00fcvenlik A\u00e7\u0131klar\u0131 ve Versiyonlar\u0131n \u00d6nemi<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-30\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#Gunumuzde-Hangi-Protokol-ve-Versiyonlar-Kullanilmalidir\" >G\u00fcn\u00fcm\u00fczde Hangi Protokol ve Versiyonlar Kullan\u0131lmal\u0131d\u0131r?<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-31\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#SSLTLS-Handshake-Hatalari-ve-Nedenleri\" >SSL\/TLS Handshake Hatalar\u0131 ve Nedenleri<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-32\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#Sertifika-Gecersizligi-veya-Suresinin-Dolmasi\" >Sertifika Ge\u00e7ersizli\u011fi veya S\u00fcresinin Dolmas\u0131<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-33\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#Protokol-Versiyonu-Uyusmazligi\" >Protokol Versiyonu Uyu\u015fmazl\u0131\u011f\u0131<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-34\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#Cipher-Suite-Uyusmazligi\" >Cipher Suite Uyu\u015fmazl\u0131\u011f\u0131<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-35\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#Yanlis-Sunucu-veya-Istemci-Yapilandirmasi\" >Yanl\u0131\u015f Sunucu veya \u0130stemci Yap\u0131land\u0131rmas\u0131<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-36\" href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-tls-handshake-nedir-ve-nasil-calisir\/#SSLTLS-Sertifikasi-Ihtiyaclariniz-Icin-Neden-IHS-Telekomu-Tercih-Etmelisiniz\" >SSL\/TLS Sertifikas\u0131 \u0130htiya\u00e7lar\u0131n\u0131z \u0130\u00e7in Neden \u0130HS Telekom&#8217;u Tercih Etmelisiniz?<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"SSLTLS-ve-Internet-Guvenligine-Giris\"><\/span>SSL\/TLS ve \u0130nternet G\u00fcvenli\u011fine Giri\u015f<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>G\u00fcn\u00fcm\u00fcz dijital d\u00fcnyas\u0131nda internet g\u00fcvenli\u011fi, hem bireysel kullan\u0131c\u0131lar hem de kurumlar i\u00e7in en \u00f6ncelikli konulardan biridir. SSL (Secure Sockets Layer) ve onun modern versiyonu olan TLS (Transport Layer Security) protokolleri, bu g\u00fcvenli\u011fin sa\u011flanmas\u0131nda merkezi bir rol oynar. Bu protokoller, internet \u00fczerindeki veri ileti\u015fimini \u015fifreleyerek gizlili\u011fi ve b\u00fct\u00fcnl\u00fc\u011f\u00fc temin eder.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"SSLTLS-Protokolu-Nedir\"><\/span>SSL\/TLS Protokol\u00fc Nedir?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>SSL\/TLS, bir istemci (genellikle bir web taray\u0131c\u0131s\u0131) ile bir sunucu (bir web sitesini bar\u0131nd\u0131ran bilgisayar) aras\u0131nda \u015fifreli bir ba\u011flant\u0131 kurmak i\u00e7in tasarlanm\u0131\u015f kriptografik bir protokold\u00fcr. Bu protokol, g\u00f6nderilen ve al\u0131nan t\u00fcm verilerin \u015fifrelenmesini sa\u011flayarak, verilerin yetkisiz ki\u015filer taraf\u0131ndan okunmas\u0131n\u0131 veya de\u011fi\u015ftirilmesini \u00f6nler. Bir web sitesinin URL&#8217;sinin &#8220;http&#8221; yerine &#8220;https&#8221; ile ba\u015flamas\u0131 ve taray\u0131c\u0131da bir kilit simgesinin g\u00f6r\u00fcnmesi, o sitenin SSL\/TLS kulland\u0131\u011f\u0131n\u0131n bir g\u00f6stergesidir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Guvenli-Bir-Baglanti-Neden-Onemlidir\"><\/span>G\u00fcvenli Bir Ba\u011flant\u0131 Neden \u00d6nemlidir?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>G\u00fcvenli bir ba\u011flant\u0131, kullan\u0131c\u0131lar\u0131n ki\u015fisel bilgileri, parolalar\u0131, kredi kart\u0131 numaralar\u0131 gibi hassas verilerinin korunmas\u0131 i\u00e7in hayati \u00f6nem ta\u015f\u0131r. \u015eifrelenmemi\u015f bir ba\u011flant\u0131da, bu bilgiler &#8220;d\u00fcz metin&#8221; olarak iletilir ve ayn\u0131 a\u011fdaki k\u00f6t\u00fc niyetli ki\u015filer taraf\u0131ndan kolayca ele ge\u00e7irilebilir. G\u00fcvenli bir ba\u011flant\u0131; veri gizlili\u011fini sa\u011flar, veri b\u00fct\u00fcnl\u00fc\u011f\u00fcn\u00fc (verinin yolda de\u011fi\u015ftirilmedi\u011fini) garanti eder ve kimlik do\u011frulama (do\u011fru sunucuyla ileti\u015fim kurdu\u011funuzdan emin olma) mekanizmas\u0131 sunar. Bu, \u00f6zellikle e-ticaret siteleri, online bankac\u0131l\u0131k platformlar\u0131 ve ki\u015fisel veri toplayan t\u00fcm web siteleri i\u00e7in vazge\u00e7ilmezdir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"%E2%80%9CHandshake%E2%80%9D-El-Sikisma-Kavraminin-Anlami-ve-Rolu\"><\/span>&#8220;Handshake&#8221; (El S\u0131k\u0131\u015fma) Kavram\u0131n\u0131n Anlam\u0131 ve Rol\u00fc<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>SSL\/TLS Handshake, g\u00fcvenli bir ileti\u015fim oturumu ba\u015flat\u0131lmadan \u00f6nce istemci ve sunucu aras\u0131nda ger\u00e7ekle\u015fen bir dizi ad\u0131md\u0131r. T\u0131pk\u0131 iki insan\u0131n tan\u0131\u015f\u0131p anla\u015fmaya varmas\u0131 gibi, bu dijital &#8220;el s\u0131k\u0131\u015fma&#8221; da taraflar\u0131n birbirlerini tan\u0131mas\u0131n\u0131, hangi \u015fifreleme y\u00f6ntemlerini kullanacaklar\u0131 konusunda anla\u015fmalar\u0131n\u0131 ve g\u00fcvenli veri al\u0131\u015fveri\u015fi i\u00e7in gerekli olan gizli anahtarlar\u0131 olu\u015fturmalar\u0131n\u0131 sa\u011flar. Handshake s\u00fcreci ba\u015far\u0131yla tamamland\u0131\u011f\u0131nda, istemci ve sunucu aras\u0131nda g\u00fcvenli bir t\u00fcnel olu\u015fturulur ve as\u0131l veri aktar\u0131m\u0131 bu t\u00fcnel \u00fczerinden ba\u015flar. Bu s\u00fcre\u00e7, g\u00fcvenli bir ba\u011flant\u0131n\u0131n temelini atar.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"SSLTLS-Handshakein-Temel-Amaclari\"><\/span>SSL\/TLS Handshake&#8217;in Temel Ama\u00e7lar\u0131<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>SSL\/TLS handshake s\u00fcreci, rastgele bir dizi mesajla\u015fmadan ibaret de\u011fildir. Aksine, g\u00fcvenli bir ileti\u015fim kanal\u0131n\u0131n temelini olu\u015fturan \u00fc\u00e7 kritik amac\u0131 yerine getirmek \u00fczere dikkatlice tasarlanm\u0131\u015ft\u0131r. Bu ama\u00e7lar, internet \u00fczerinden yap\u0131lan ileti\u015fimin gizli, g\u00fcvenilir ve b\u00fct\u00fcnl\u00fckl\u00fc olmas\u0131n\u0131 sa\u011flar.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Sunucu-Kimliginin-Dogrulanmasi-Authentication\"><\/span>Sunucu Kimli\u011finin Do\u011frulanmas\u0131 (Authentication)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Handshake&#8217;in ilk ve en \u00f6nemli ama\u00e7lar\u0131ndan biri, istemcinin (taray\u0131c\u0131n\u0131z\u0131n) do\u011fru sunucuya ba\u011fland\u0131\u011f\u0131ndan emin olmakt\u0131r. \u0130nternet ortam\u0131nda, doland\u0131r\u0131c\u0131lar me\u015fru bir web sitesini taklit ederek (phishing) kullan\u0131c\u0131lar\u0131n bilgilerini \u00e7almaya \u00e7al\u0131\u015fabilir. Sunucu kimlik do\u011frulamas\u0131, bu t\u00fcr sald\u0131r\u0131lar\u0131 \u00f6nler. S\u00fcre\u00e7 s\u0131ras\u0131nda sunucu, g\u00fcvenilir bir Sertifika Otoritesi (CA) taraf\u0131ndan verilmi\u015f olan <a href=\"https:\/\/www.ihs.com.tr\/blog\/ssl-sertifikasi-nedir-onemlidir\/\">SSL sertifikas\u0131n\u0131<\/a> istemciye sunar. Taray\u0131c\u0131, bu sertifikan\u0131n ge\u00e7erlili\u011fini, s\u00fcresinin dolup dolmad\u0131\u011f\u0131n\u0131 ve ger\u00e7ekten ba\u011fland\u0131\u011f\u0131 alan ad\u0131na ait olup olmad\u0131\u011f\u0131n\u0131 kontrol eder. Bu do\u011frulama ad\u0131m\u0131, sahte bir siteye de\u011fil, ger\u00e7ek ve me\u015fru sunucuya ba\u011fland\u0131\u011f\u0131n\u0131z\u0131n garantisidir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Sifreleme-Parametreleri-Uzerinde-Anlasma-Negotiation\"><\/span>\u015eifreleme Parametreleri \u00dczerinde Anla\u015fma (Negotiation)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>\u0130stemci ve sunucu, farkl\u0131 i\u015fletim sistemlerine ve yaz\u0131l\u0131m versiyonlar\u0131na sahip olabilir. Bu nedenle, her ikisinin de destekledi\u011fi ortak bir \u015fifreleme dili bulmalar\u0131 gerekir. Handshake s\u0131ras\u0131nda, istemci destekledi\u011fi t\u00fcm \u015fifreleme paketlerinin (cipher suites) bir listesini sunucuya g\u00f6nderir. Sunucu bu listeyi inceler ve kendi destekledi\u011fi en g\u00fc\u00e7l\u00fc ve g\u00fcvenli \u015fifreleme paketini se\u00e7erek istemciye bildirir. Bu anla\u015fma s\u00fcreci, her iki taraf\u0131n da anlayabilece\u011fi ve uygulayabilece\u011fi bir kriptografik algoritma seti \u00fczerinde mutab\u0131k kal\u0131nmas\u0131n\u0131 sa\u011flar.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Guvenli-Bir-Oturum-Anahtari-Olusturulmasi-Key-Exchange\"><\/span>G\u00fcvenli Bir Oturum Anahtar\u0131 Olu\u015fturulmas\u0131 (Key Exchange)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Kimlik do\u011frulama ve \u015fifreleme parametreleri \u00fczerinde anla\u015f\u0131ld\u0131ktan sonra, son ve en kritik ad\u0131m, as\u0131l veri ileti\u015fimini \u015fifrelemek i\u00e7in kullan\u0131lacak olan oturum anahtar\u0131n\u0131n (session key) olu\u015fturulmas\u0131d\u0131r. Bu anahtar, sadece o anki oturum i\u00e7in ge\u00e7erli olan ve simetrik \u015fifreleme i\u00e7in kullan\u0131lacak tek bir gizli anahtard\u0131r. Handshake s\u0131ras\u0131nda, taraflar asimetrik \u015fifreleme (a\u00e7\u0131k ve \u00f6zel anahtar \u00e7ifti) kullanarak bu oturum anahtar\u0131n\u0131 g\u00fcvenli bir \u015fekilde birbirlerine iletirler. Oturum anahtar\u0131 olu\u015fturulduktan ve her iki taraf\u00e7a da bilindikten sonra handshake s\u00fcreci tamamlan\u0131r ve t\u00fcm veri ak\u0131\u015f\u0131 bu anahtar ile \u015fifrelenerek korunur.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Adim-Adim-Klasik-Handshake-Sureci-TLS-12-ve-Oncesi\"><\/span>Ad\u0131m Ad\u0131m Klasik Handshake S\u00fcreci (TLS 1.2 ve \u00d6ncesi)<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>TLS 1.2 ve daha eski versiyonlar\u0131ndaki handshake s\u00fcreci, istemci ve sunucu aras\u0131nda g\u00fcvenli bir kanal olu\u015fturmak i\u00e7in birden fazla gidi\u015f-d\u00f6n\u00fc\u015f (round trip) gerektiren, dikkatlice s\u0131ralanm\u0131\u015f ad\u0131mlardan olu\u015fur. Bu s\u00fcre\u00e7, taraflar\u0131n birbirlerini tan\u0131mas\u0131n\u0131, kurallar\u0131 belirlemesini ve g\u00fcvenli ileti\u015fim i\u00e7in gerekli anahtarlar\u0131 olu\u015fturmas\u0131n\u0131 sa\u011flar.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Adim-1-Client-Hello-Istemci-Merhaba-Mesaji\"><\/span>Ad\u0131m 1: Client Hello (\u0130stemci Merhaba Mesaj\u0131)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>S\u00fcre\u00e7, istemcinin (taray\u0131c\u0131n\u0131z\u0131n) sunucuya bir &#8220;Client Hello&#8221; mesaj\u0131 g\u00f6ndermesiyle ba\u015flar. Bu ilk mesaj, el s\u0131k\u0131\u015fman\u0131n temelini olu\u015fturacak \u00f6nemli bilgiler i\u00e7erir:<\/p>\n<ul>\n<li><b>TLS Versiyonu:<\/b> \u0130stemcinin destekledi\u011fi en y\u00fcksek TLS versiyonu.<\/li>\n<li><b>Rastgele Say\u0131:<\/b> Daha sonra oturum anahtar\u0131n\u0131 olu\u015fturmak i\u00e7in kullan\u0131lacak, istemci taraf\u0131ndan \u00fcretilen 32 byte&#8217;l\u0131k rastgele bir veri.<\/li>\n<li><b>Oturum Kimli\u011fi (Session ID):<\/b> E\u011fer daha \u00f6nce bu sunucuyla bir oturum kurulmu\u015fsa, el s\u0131k\u0131\u015fmay\u0131 h\u0131zland\u0131rmak i\u00e7in bu kimlik g\u00f6nderilebilir.<\/li>\n<li><b>Cipher Suites Listesi:<\/b> \u0130stemcinin destekledi\u011fi \u015fifreleme paketlerinin (algoritma kombinasyonlar\u0131n\u0131n) \u00f6ncelik s\u0131ras\u0131na g\u00f6re listesi.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Adim-2-Server-Hello-Sunucu-Merhaba-Mesaji\"><\/span>Ad\u0131m 2: Server Hello (Sunucu Merhaba Mesaj\u0131)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Sunucu, &#8220;Client Hello&#8221; mesaj\u0131n\u0131 ald\u0131ktan sonra, istemcinin tekliflerine kendi &#8220;Server Hello&#8221; mesaj\u0131yla yan\u0131t verir. Bu mesaj \u015funlar\u0131 i\u00e7erir:<\/p>\n<ul>\n<li><b>Se\u00e7ilen TLS Versiyonu:<\/b> \u0130stemcinin listesinden, sunucunun da destekledi\u011fi en y\u00fcksek TLS versiyonu.<\/li>\n<li><b>Rastgele Say\u0131:<\/b> Sunucu taraf\u0131ndan \u00fcretilen, oturum anahtar\u0131 olu\u015fturmada kullan\u0131lacak 32 byte&#8217;l\u0131k ikinci bir rastgele veri.<\/li>\n<li><b>Oturum Kimli\u011fi:<\/b> Yeni olu\u015fturulan oturum i\u00e7in bir kimlik.<\/li>\n<li><b>Se\u00e7ilen Cipher Suite:<\/b> \u0130stemcinin listesinden, sunucunun tercih etti\u011fi ve destekledi\u011fi tek bir \u015fifreleme paketi.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Adim-3-Certificate-Sunucu-Sertifikasinin-Gonderilmesi\"><\/span>Ad\u0131m 3: Certificate (Sunucu Sertifikas\u0131n\u0131n G\u00f6nderilmesi)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Sunucu, kimli\u011fini do\u011frulamak i\u00e7in SSL sertifikas\u0131n\u0131 istemciye g\u00f6nderir. Bu sertifika, alan ad\u0131n\u0131, sahibi olan kurumu, a\u00e7\u0131k anahtar\u0131 (public key) ve sertifikay\u0131 veren Sertifika Otoritesi&#8217;nin (CA) dijital imzas\u0131n\u0131 i\u00e7erir. \u0130stemci, bu sertifikan\u0131n g\u00fcvenilir bir CA taraf\u0131ndan imzaland\u0131\u011f\u0131n\u0131 ve ge\u00e7erli oldu\u011funu kontrol eder.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Adim-4-Server-Key-Exchange-Sunucu-Anahtar-Degisimi\"><\/span>Ad\u0131m 4: Server Key Exchange (Sunucu Anahtar De\u011fi\u015fimi)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Bu ad\u0131m her zaman gerekli de\u011fildir. Sadece sunucunun sertifikas\u0131ndaki a\u00e7\u0131k anahtar\u0131n, oturum anahtar\u0131 de\u011fi\u015fimi i\u00e7in yeterli olmad\u0131\u011f\u0131 durumlarda (\u00f6rne\u011fin, Diffie-Hellman anahtar de\u011fi\u015fim algoritmas\u0131 kullan\u0131l\u0131yorsa) kullan\u0131l\u0131r. Sunucu, oturum anahtar\u0131n\u0131 olu\u015fturmak i\u00e7in gereken ek kriptografik bilgileri bu mesajla g\u00f6nderir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Adim-5-Server-Hello-Done-Sunucu-Merhaba-Islemi-Tamamlandi\"><\/span>Ad\u0131m 5: Server Hello Done (Sunucu Merhaba \u0130\u015flemi Tamamland\u0131)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Sunucu, el s\u0131k\u0131\u015fman\u0131n kendi taraf\u0131ndaki ilk b\u00f6l\u00fcm\u00fcn\u00fc tamamlad\u0131\u011f\u0131n\u0131 ve \u015fimdi s\u0131ran\u0131n istemcide oldu\u011funu bildirmek i\u00e7in bu k\u0131sa mesaj\u0131 g\u00f6nderir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Adim-6-Client-Key-Exchange-Istemci-Anahtar-Degisimi\"><\/span>Ad\u0131m 6: Client Key Exchange (\u0130stemci Anahtar De\u011fi\u015fimi)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>\u0130stemci, sunucunun sertifikas\u0131n\u0131 ve di\u011fer mesajlar\u0131 do\u011frulad\u0131ktan sonra, oturum anahtar\u0131n\u0131n temelini olu\u015fturacak olan &#8220;pre-master secret&#8221; ad\u0131 verilen bir gizli veri olu\u015fturur. Bu veriyi, sunucunun sertifikas\u0131ndan ald\u0131\u011f\u0131 a\u00e7\u0131k anahtar ile \u015fifreleyerek sunucuya g\u00f6nderir. Sadece sunucunun sahip oldu\u011fu \u00f6zel anahtar (private key) bu mesaj\u0131 \u00e7\u00f6zebilir. Art\u0131k hem istemci hem de sunucu, &#8220;pre-master secret&#8221; ve daha \u00f6nce payla\u015f\u0131lan iki rastgele say\u0131y\u0131 kullanarak ayn\u0131 oturum anahtar\u0131n\u0131 ba\u011f\u0131ms\u0131z olarak hesaplayabilir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Adim-7-Change-Cipher-Spec-Sifreleme-Ozelliklerini-Degistir\"><\/span>Ad\u0131m 7: Change Cipher Spec (\u015eifreleme \u00d6zelliklerini De\u011fi\u015ftir)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>\u0130stemci, bu mesaj\u0131 g\u00f6ndererek bundan sonraki t\u00fcm ileti\u015fimin, \u00fczerinde anla\u015f\u0131lan \u015fifreleme paketi ve yeni olu\u015fturulan oturum anahtar\u0131 ile \u015fifrelenece\u011fini sunucuya bildirir. Sunucu da ayn\u0131 \u015fekilde bir &#8220;Change Cipher Spec&#8221; mesaj\u0131 g\u00f6nderir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Adim-8-Finished-El-Sikisma-Tamamlandi\"><\/span>Ad\u0131m 8: Finished (El S\u0131k\u0131\u015fma Tamamland\u0131)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Son olarak, her iki taraf da o ana kadar g\u00f6nderilip al\u0131nan t\u00fcm handshake mesajlar\u0131n\u0131n bir \u00f6zetini (hash) hesaplar, bunu yeni oturum anahtar\u0131yla \u015fifreler ve birbirine g\u00f6nderir. Bu &#8220;Finished&#8221; mesaj\u0131, taraflar\u0131n mesajlar\u0131n yolda de\u011fi\u015ftirilmedi\u011fini ve el s\u0131k\u0131\u015fma s\u00fcrecinin ba\u015far\u0131yla tamamland\u0131\u011f\u0131n\u0131 do\u011frulamalar\u0131n\u0131 sa\u011flar. Bu ad\u0131mdan sonra, g\u00fcvenli uygulama verisi (\u00f6rne\u011fin HTTP istekleri ve yan\u0131tlar\u0131) aktar\u0131lmaya ba\u015flar.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Handshake-Surecinin-Kriptografik-Bilesenleri\"><\/span>Handshake S\u00fcrecinin Kriptografik Bile\u015fenleri<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>SSL\/TLS handshake s\u00fcrecinin g\u00fcvenli\u011fi, temelinde yatan g\u00fc\u00e7l\u00fc kriptografik bile\u015fenlere dayan\u0131r. Bu bile\u015fenler, kimlik do\u011frulama, anahtar de\u011fi\u015fimi ve veri \u015fifreleme gibi kritik g\u00f6revleri yerine getirmek i\u00e7in birlikte \u00e7al\u0131\u015f\u0131r. Bu teknolojileri anlamak, handshake&#8217;in neden bu kadar g\u00fcvenli oldu\u011funu kavramam\u0131za yard\u0131mc\u0131 olur.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Asimetrik-Sifreleme-Acik-ve-Ozel-Anahtar\"><\/span>Asimetrik \u015eifreleme (A\u00e7\u0131k ve \u00d6zel Anahtar)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Asimetrik \u015fifreleme, veya di\u011fer ad\u0131yla a\u00e7\u0131k anahtarl\u0131 kriptografi, matematiksel olarak birbirine ba\u011fl\u0131 bir anahtar \u00e7ifti kullan\u0131r: bir a\u00e7\u0131k anahtar (public key) ve bir \u00f6zel anahtar (private key). Ad\u0131ndan da anla\u015f\u0131laca\u011f\u0131 gibi a\u00e7\u0131k anahtar herkesle payla\u015f\u0131labilirken, \u00f6zel anahtar kesinlikle gizli tutulmal\u0131d\u0131r. Bu sistemin temel prensibi \u015fudur:<\/p>\n<ul>\n<li><b>\u015eifreleme:<\/b> Bir a\u00e7\u0131k anahtar ile \u015fifrelenen bir mesaj, yaln\u0131zca o anahtar\u0131n kar\u015f\u0131l\u0131\u011f\u0131 olan \u00f6zel anahtar ile \u00e7\u00f6z\u00fclebilir.<\/li>\n<li><b>Dijital \u0130mza:<\/b> Bir \u00f6zel anahtar ile imzalanan bir mesaj\u0131n do\u011frulu\u011fu, o anahtar\u0131n kar\u015f\u0131l\u0131\u011f\u0131 olan a\u00e7\u0131k anahtar kullan\u0131larak teyit edilebilir.<\/li>\n<\/ul>\n<p>SSL\/TLS handshake s\u0131ras\u0131nda asimetrik \u015fifreleme, sunucu kimli\u011fini do\u011frulamak (sunucu, sertifikas\u0131ndaki a\u00e7\u0131k anahtara kar\u015f\u0131l\u0131k gelen \u00f6zel anahtara sahip oldu\u011funu kan\u0131tlar) ve daha sonra kullan\u0131lacak olan simetrik oturum anahtar\u0131n\u0131 g\u00fcvenli bir \u015fekilde de\u011fi\u015ftirmek i\u00e7in kullan\u0131l\u0131r.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Simetrik-Sifreleme-Oturum-Anahtari\"><\/span>Simetrik \u015eifreleme (Oturum Anahtar\u0131)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Simetrik \u015fifreleme, hem \u015fifreleme hem de \u015fifre \u00e7\u00f6zme i\u015flemleri i\u00e7in ayn\u0131 anahtar\u0131 (oturum anahtar\u0131 veya session key) kullan\u0131r. Asimetrik \u015fifrelemeye g\u00f6re \u00e7ok daha h\u0131zl\u0131 ve verimlidir. Bu nedenle, handshake s\u00fcreci tamamland\u0131ktan ve g\u00fcvenli bir oturum anahtar\u0131 olu\u015fturulduktan sonra, istemci ve sunucu aras\u0131ndaki t\u00fcm veri al\u0131\u015fveri\u015fi (web sayfas\u0131 i\u00e7eri\u011fi, form verileri vb.) simetrik \u015fifreleme kullan\u0131larak korunur. Handshake&#8217;in temel ama\u00e7lar\u0131ndan biri, bu h\u0131zl\u0131 ve verimli \u015fifreleme t\u00fcr\u00fc i\u00e7in kullan\u0131lacak olan tek ve gizli oturum anahtar\u0131n\u0131 g\u00fcvenli bir \u015fekilde olu\u015fturmakt\u0131r.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"SSLTLS-Sertifikasi-ve-Sertifika-Otoritesi-CA\"><\/span>SSL\/TLS Sertifikas\u0131 ve Sertifika Otoritesi (CA)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Bir SSL\/TLS sertifikas\u0131, bir web sitesinin kimli\u011fini do\u011frulayan dijital bir belgedir. T\u0131pk\u0131 bir pasaport gibi, bir alan ad\u0131n\u0131n (domain) kime ait oldu\u011funu ve sunucunun a\u00e7\u0131k anahtar\u0131n\u0131 i\u00e7erir. Ancak bu bilgilere herkesin g\u00fcvenmesi i\u00e7in, sertifikan\u0131n d\u00fcnya \u00e7ap\u0131nda tan\u0131nan ve g\u00fcvenilen bir \u00fc\u00e7\u00fcnc\u00fc taraf olan Sertifika Otoritesi (CA) taraf\u0131ndan dijital olarak imzalanmas\u0131 gerekir. Taray\u0131c\u0131n\u0131z, g\u00fcvendi\u011fi CA&#8217;lar\u0131n bir listesiyle birlikte gelir. Bir siteye ba\u011fland\u0131\u011f\u0131nda, sitenin sundu\u011fu sertifikan\u0131n bu g\u00fcvenilir otoritelerden biri taraf\u0131ndan imzalan\u0131p imzalanmad\u0131\u011f\u0131n\u0131 kontrol eder. Bu mekanizma, &#8220;ortadaki adam&#8221; (man-in-the-middle) sald\u0131r\u0131lar\u0131n\u0131 \u00f6nleyerek do\u011fru sunucuya ba\u011fland\u0131\u011f\u0131n\u0131zdan emin olman\u0131z\u0131 sa\u011flar.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Cipher-Suite-Sifreleme-Paketi-Nedir-ve-Nasil-Secilir\"><\/span>Cipher Suite (\u015eifreleme Paketi) Nedir ve Nas\u0131l Se\u00e7ilir?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Cipher suite, g\u00fcvenli bir ba\u011flant\u0131 kurmak i\u00e7in kullan\u0131lacak kriptografik algoritmalar\u0131n bir setidir. Her \u015fifreleme paketi, a\u015fa\u011f\u0131daki g\u00f6revler i\u00e7in belirli algoritmalar\u0131 tan\u0131mlar:<\/p>\n<ul>\n<li><b>Anahtar De\u011fi\u015fim Algoritmas\u0131:<\/b> Oturum anahtar\u0131n\u0131n nas\u0131l olu\u015fturulaca\u011f\u0131n\u0131 belirler (\u00f6rn. RSA, Diffie-Hellman).<\/li>\n<li><b>Kimlik Do\u011frulama Algoritmas\u0131:<\/b> Sunucu kimli\u011finin nas\u0131l do\u011frulanaca\u011f\u0131n\u0131 belirler (\u00f6rn. RSA, ECDSA).<\/li>\n<li><b>Toplu \u015eifreleme Algoritmas\u0131:<\/b> As\u0131l veri ak\u0131\u015f\u0131n\u0131 \u015fifrelemek i\u00e7in kullan\u0131lacak simetrik algoritmay\u0131 belirler (\u00f6rn. AES, 3DES).<\/li>\n<li><b>Mesaj Do\u011frulama Kodu (MAC) Algoritmas\u0131:<\/b> Veri b\u00fct\u00fcnl\u00fc\u011f\u00fcn\u00fc sa\u011flamak i\u00e7in kullan\u0131lacak algoritmay\u0131 belirler (\u00f6rn. SHA-256, SHA-384).<\/li>\n<\/ul>\n<p>Handshake&#8217;in ba\u015f\u0131nda, istemci destekledi\u011fi t\u00fcm \u015fifreleme paketlerini bir liste halinde sunucuya g\u00f6nderir. Sunucu, bu listeyi kendi destekledi\u011fi paketlerle kar\u015f\u0131la\u015ft\u0131r\u0131r ve en g\u00fcvenli ve en g\u00fc\u00e7l\u00fc olarak yap\u0131land\u0131rd\u0131\u011f\u0131 ortak paketi se\u00e7er. Bu se\u00e7im s\u00fcreci, hem g\u00fcvenlik hem de uyumluluk a\u00e7\u0131s\u0131ndan kritik bir rol oynar.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Modern-Handshake-TLS-13-ile-Gelen-Degisiklikler-ve-Avantajlar\"><\/span>Modern Handshake: TLS 1.3 ile Gelen De\u011fi\u015fiklikler ve Avantajlar<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u0130nternet standartlar\u0131n\u0131n geli\u015fimiyle birlikte, SSL\/TLS protokol\u00fc de daha h\u0131zl\u0131, daha g\u00fcvenli ve daha verimli hale gelmi\u015ftir. 2018&#8217;de standartla\u015ft\u0131r\u0131lan TLS 1.3, kendisinden \u00f6nceki TLS 1.2&#8217;ye g\u00f6re handshake s\u00fcrecinde devrim niteli\u011finde de\u011fi\u015fiklikler getirmi\u015ftir. Bu yenilikler, modern web&#8217;in h\u0131z ve g\u00fcvenlik beklentilerini kar\u015f\u0131lamak \u00fczere tasarlanm\u0131\u015ft\u0131r.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Hiz-ve-Performans-Azaltilmis-Gidis-Donus-Suresi-Round-Trip-Time\"><\/span>H\u0131z ve Performans: Azalt\u0131lm\u0131\u015f Gidi\u015f-D\u00f6n\u00fc\u015f S\u00fcresi (Round Trip Time)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>TLS 1.2&#8217;deki klasik handshake, istemci ve sunucu aras\u0131nda en az iki tam gidi\u015f-d\u00f6n\u00fc\u015f (2-RTT) gerektirir. Bu, \u00f6zellikle mobil a\u011flar gibi y\u00fcksek gecikmeye sahip ba\u011flant\u0131larda web sayfalar\u0131n\u0131n y\u00fcklenme s\u00fcresini g\u00f6zle g\u00f6r\u00fcl\u00fcr \u015fekilde yava\u015flatabilir. TLS 1.3, handshake s\u00fcrecini yeniden tasarlayarak bu s\u00fcreyi sadece bir gidi\u015f-d\u00f6n\u00fc\u015fe (1-RTT) indirir. &#8220;Client Hello&#8221; mesaj\u0131 art\u0131k istemcinin anahtar de\u011fi\u015fim parametrelerini ve muhtemel \u015fifreleme paketlerini i\u00e7erir. Bu sayede sunucu, ilk yan\u0131t\u0131nda (&#8220;Server Hello&#8221;) do\u011frudan oturum anahtar\u0131n\u0131 olu\u015fturmak i\u00e7in gerekli t\u00fcm bilgileri g\u00f6ndererek s\u00fcreci yar\u0131 yar\u0131ya k\u0131salt\u0131r. Bu, web sitesi performans\u0131n\u0131 ve kullan\u0131c\u0131 deneyimini do\u011frudan iyile\u015ftiren en \u00f6nemli avantajlardan biridir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Gelismis-Guvenlik-Zayif-Kriptografik-Algoritmalarin-Kaldirilmasi\"><\/span>Geli\u015fmi\u015f G\u00fcvenlik: Zay\u0131f Kriptografik Algoritmalar\u0131n Kald\u0131r\u0131lmas\u0131<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Zamanla baz\u0131 kriptografik algoritmalar\u0131n zay\u0131f oldu\u011fu ve modern sald\u0131r\u0131lara kar\u015f\u0131 savunmas\u0131z kald\u0131\u011f\u0131 anla\u015f\u0131lm\u0131\u015ft\u0131r. TLS 1.3, bu konuda radikal bir temizlik yaparak g\u00fcvenli\u011fi art\u0131r\u0131r:<\/p>\n<ul>\n<li><b>Eski Algoritmalar Kald\u0131r\u0131ld\u0131:<\/b> Art\u0131k g\u00fcvenli kabul edilmeyen RSA anahtar de\u011fi\u015fimi, SHA-1 hash algoritmas\u0131, RC4 ve 3DES gibi simetrik \u015fifreler ve \u00e7e\u015fitli zay\u0131f Diffie-Hellman gruplar\u0131 gibi bir\u00e7ok eski ve g\u00fcvensiz algoritma protokolden tamamen \u00e7\u0131kar\u0131lm\u0131\u015ft\u0131r.<\/li>\n<li><b>M\u00fckemmel \u0130leri Gizlilik (Perfect Forward Secrecy &#8211; PFS):<\/b> TLS 1.3, t\u00fcm oturumlarda PFS&#8217;yi zorunlu k\u0131lar. Bu, her oturum i\u00e7in benzersiz bir ge\u00e7ici anahtar olu\u015fturulmas\u0131 anlam\u0131na gelir. Bir sunucunun uzun vadeli \u00f6zel anahtar\u0131 \u00e7al\u0131nsa bile, bu anahtar ge\u00e7mi\u015f oturumlar\u0131n \u015fifresini \u00e7\u00f6zmek i\u00e7in kullan\u0131lamaz, bu da ge\u00e7mi\u015f ileti\u015fimin g\u00fcvenli\u011fini garanti alt\u0131na al\u0131r.<\/li>\n<li><b>Daha Fazla \u015eifreleme:<\/b> TLS 1.2&#8217;de sunucu sertifikas\u0131 gibi baz\u0131 handshake mesajlar\u0131 \u015fifresiz g\u00f6nderilirken, TLS 1.3&#8217;te &#8220;Client Hello&#8221; ve &#8220;Server Hello&#8221; d\u0131\u015f\u0131ndaki neredeyse t\u00fcm handshake s\u00fcreci \u015fifrelenir. Bu, a\u011f trafi\u011fini izleyenlerin ba\u011flant\u0131 hakk\u0131nda daha az bilgi edinmesini sa\u011flar ve gizlili\u011fi art\u0131r\u0131r.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"TLS-12-ve-TLS-13-Handshake-Surecleri-Arasindaki-Temel-Farklar\"><\/span>TLS 1.2 ve TLS 1.3 Handshake S\u00fcre\u00e7leri Aras\u0131ndaki Temel Farklar<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>\u0130ki protokol versiyonu aras\u0131ndaki handshake farklar\u0131, h\u0131z ve g\u00fcvenlik iyile\u015ftirmelerinin temelini olu\u015fturur. \u0130\u015fte bu farklar\u0131 \u00f6zetleyen bir kar\u015f\u0131la\u015ft\u0131rma:<\/p>\n<div class=\"karsilastirma\">\n<table>\n<thead>\n<tr>\n<th>\u00d6zellik<\/th>\n<th>TLS 1.2 Handshake<\/th>\n<th>TLS 1.3 Handshake<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><b>Gidi\u015f-D\u00f6n\u00fc\u015f S\u00fcresi (RTT)<\/b><\/td>\n<td>2 RTT (tam handshake)<\/td>\n<td>1 RTT (tam handshake)<\/td>\n<\/tr>\n<tr>\n<td><b>Anahtar De\u011fi\u015fimi<\/b><\/td>\n<td>RSA ve Diffie-Hellman desteklenir.<\/td>\n<td>Sadece PFS sa\u011flayan ge\u00e7ici anahtar de\u011fi\u015fim algoritmalar\u0131 (\u00f6rn. ECDHE) desteklenir.<\/td>\n<\/tr>\n<tr>\n<td><b>Desteklenen \u015eifreler<\/b><\/td>\n<td>\u00c7ok geni\u015f bir yelpaze, zay\u0131f olanlar dahil (RC4, 3DES).<\/td>\n<td>Sadece modern ve g\u00fcvenli AEAD (Authenticated Encryption with Associated Data) \u015fifreleri (\u00f6rn. AES-GCM, ChaCha20-Poly1305).<\/td>\n<\/tr>\n<tr>\n<td><b>Oturum Yenileme<\/b><\/td>\n<td>Session ID&#8217;ler veya Session Tickets ile yap\u0131l\u0131r.<\/td>\n<td>PSK (Pre-Shared Key) tabanl\u0131 daha verimli bir &#8220;0-RTT&#8221; modu ile yap\u0131l\u0131r.<\/td>\n<\/tr>\n<tr>\n<td><b>Handshake \u015eifrelemesi<\/b><\/td>\n<td>&#8220;Change Cipher Spec&#8221; mesaj\u0131ndan sonra ba\u015flar. Sertifika gibi baz\u0131 bilgiler \u015fifresizdir.<\/td>\n<td>&#8220;Server Hello&#8221; mesaj\u0131ndan hemen sonra ba\u015flar, daha fazla mesaj \u015fifrelenir.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<h2><span class=\"ez-toc-section\" id=\"SSL-ve-TLS-Arasindaki-Farklar\"><\/span>SSL ve TLS Aras\u0131ndaki Farklar<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u0130nternet g\u00fcvenli\u011fi denildi\u011finde SSL ve TLS terimleri s\u0131k\u00e7a birbirinin yerine kullan\u0131lsa da asl\u0131nda bu iki protokol, ayn\u0131 evrimsel \u00e7izginin farkl\u0131 noktalar\u0131n\u0131 temsil eder. TLS, SSL&#8217;in do\u011frudan halefidir ve modern internetin g\u00fcvenlik standard\u0131n\u0131 olu\u015fturur.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Tarihsel-Gelisim-SSLden-TLSe-Evrim\"><\/span>Tarihsel Geli\u015fim: SSL&#8217;den TLS&#8217;e Evrim<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>G\u00fcvenli internet ileti\u015fiminin temelleri, 1990&#8217;lar\u0131n ortas\u0131nda Netscape taraf\u0131ndan geli\u015ftirilen SSL (Secure Sockets Layer) protokol\u00fc ile at\u0131ld\u0131. <\/p>\n<ul>\n<li><b>SSL 1.0:<\/b> Hi\u00e7bir zaman kamuya yay\u0131nlanmad\u0131 \u00e7\u00fcnk\u00fc ciddi g\u00fcvenlik a\u00e7\u0131klar\u0131 i\u00e7eriyordu.<\/li>\n<li><b>SSL 2.0:<\/b> 1995&#8217;te yay\u0131nland\u0131 ancak k\u0131sa s\u00fcrede \u00f6nemli zay\u0131fl\u0131klar\u0131 oldu\u011fu anla\u015f\u0131ld\u0131.<\/li>\n<li><b>SSL 3.0:<\/b> 1996&#8217;da piyasaya s\u00fcr\u00fcld\u00fc ve SSL 2.0&#8217;daki bir\u00e7ok sorunu gidererek uzun s\u00fcre standart olarak kullan\u0131ld\u0131.<\/li>\n<\/ul>\n<p>\u0130nternetin geli\u015fmesi ve g\u00fcvenlik ihtiya\u00e7lar\u0131n\u0131n artmas\u0131yla, SSL&#8217;in yerini alacak daha g\u00fc\u00e7l\u00fc bir protokole ihtiya\u00e7 duyuldu. 1999&#8217;da, \u0130nternet M\u00fchendisli\u011fi G\u00f6rev G\u00fcc\u00fc (IETF), SSL 3.0&#8217;\u0131 temel alarak ilk TLS (Transport Layer Security) versiyonunu yay\u0131nlad\u0131.<\/p>\n<ul>\n<li><b>TLS 1.0 (1999):<\/b> SSL 3.0&#8217;\u0131n do\u011frudan bir y\u00fckseltmesiydi.<\/li>\n<li><b>TLS 1.1 (2006):<\/b> Kriptografik iyile\u015ftirmeler i\u00e7eriyordu.<\/li>\n<li><b>TLS 1.2 (2008):<\/b> \u00c7ok daha g\u00fc\u00e7l\u00fc \u015fifreleme paketleri ve hash algoritmalar\u0131 (SHA-256 gibi) sunarak uzun y\u0131llar boyunca end\u00fcstri standard\u0131 haline geldi.<\/li>\n<li><b>TLS 1.3 (2018):<\/b> Protokol\u00fc k\u00f6kten basitle\u015ftirerek h\u0131z\u0131 ve g\u00fcvenli\u011fi \u00f6nemli \u00f6l\u00e7\u00fcde art\u0131rd\u0131.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Guvenlik-Aciklari-ve-Versiyonlarin-Onemi\"><\/span>G\u00fcvenlik A\u00e7\u0131klar\u0131 ve Versiyonlar\u0131n \u00d6nemi<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Eski protokol versiyonlar\u0131n\u0131n kullan\u0131lmaya devam edilmesi, ciddi g\u00fcvenlik riskleri do\u011furur. Y\u0131llar i\u00e7inde, SSL 2.0, SSL 3.0 ve hatta ilk TLS versiyonlar\u0131nda ciddi zafiyetler ke\u015ffedilmi\u015ftir. POODLE, BEAST ve Heartbleed gibi \u00fcnl\u00fc sald\u0131r\u0131lar, bu eski protokollerdeki tasar\u0131m hatalar\u0131ndan veya zay\u0131f kriptografik uygulamalardan faydalanm\u0131\u015ft\u0131r. Bu nedenle, sunucu ve istemci yaz\u0131l\u0131mlar\u0131n\u0131 g\u00fcncel tutmak ve sadece modern, g\u00fcvenli protokol versiyonlar\u0131n\u0131 (TLS 1.2 ve \u00f6zellikle TLS 1.3) kullanmak kritik \u00f6neme sahiptir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Gunumuzde-Hangi-Protokol-ve-Versiyonlar-Kullanilmalidir\"><\/span>G\u00fcn\u00fcm\u00fczde Hangi Protokol ve Versiyonlar Kullan\u0131lmal\u0131d\u0131r?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>G\u00fcn\u00fcm\u00fcz standartlar\u0131na g\u00f6re, t\u00fcm SSL versiyonlar\u0131 (SSL 2.0 ve 3.0) ve TLS 1.0\/1.1 g\u00fcvensiz kabul edilmektedir. T\u00fcm modern web taray\u0131c\u0131lar\u0131 ve sunucular\u0131 bu eski versiyonlara olan deste\u011fi ya tamamen kald\u0131rm\u0131\u015f ya da varsay\u0131lan olarak devre d\u0131\u015f\u0131 b\u0131rakm\u0131\u015ft\u0131r. <\/p>\n<p><b>Kesinlikle Kullan\u0131lmas\u0131 Gerekenler:<\/b><\/p>\n<ul>\n<li><b>TLS 1.3:<\/b> M\u00fcmk\u00fcn olan her yerde tercih edilmelidir. En y\u00fcksek h\u0131z\u0131 ve en g\u00fc\u00e7l\u00fc g\u00fcvenli\u011fi sunar.<\/li>\n<li><b>TLS 1.2:<\/b> TLS 1.3&#8217;\u00fc desteklemeyen daha eski sistemlerle uyumluluk i\u00e7in kabul edilebilir bir geri \u00e7ekilme (fallback) se\u00e7ene\u011fidir. Ancak, yaln\u0131zca g\u00fcvenli \u015fifreleme paketleriyle yap\u0131land\u0131r\u0131ld\u0131\u011f\u0131ndan emin olunmal\u0131d\u0131r.<\/li>\n<\/ul>\n<p>Bir web sitesi y\u00f6neticisi olarak, sunucunuzun eski ve g\u00fcvensiz protokolleri devre d\u0131\u015f\u0131 b\u0131rakacak ve sadece TLS 1.2 ve TLS 1.3&#8217;\u00fc destekleyecek \u015fekilde yap\u0131land\u0131r\u0131ld\u0131\u011f\u0131ndan emin olman\u0131z, kullan\u0131c\u0131lar\u0131n\u0131z\u0131n verilerini korumak i\u00e7in atman\u0131z gereken en temel ad\u0131mlardan biridir.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"SSLTLS-Handshake-Hatalari-ve-Nedenleri\"><\/span>SSL\/TLS Handshake Hatalar\u0131 ve Nedenleri<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>SSL\/TLS handshake s\u00fcreci, istemci ve sunucu aras\u0131nda ba\u015far\u0131l\u0131 bir \u015fekilde tamamlanmad\u0131\u011f\u0131nda, taray\u0131c\u0131n\u0131zda &#8220;Bu siteye ula\u015f\u0131lam\u0131yor&#8221;, &#8220;Ba\u011flant\u0131n\u0131z gizli de\u011fil&#8221; veya &#8220;G\u00fcvenli ba\u011flant\u0131 kurulamad\u0131&#8221; gibi hatalar al\u0131rs\u0131n\u0131z. Bu hatalar, s\u00fcrecin belirli bir ad\u0131m\u0131nda bir sorun ya\u015fand\u0131\u011f\u0131n\u0131 g\u00f6sterir ve genellikle birka\u00e7 yayg\u0131n nedenden kaynaklan\u0131r.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Sertifika-Gecersizligi-veya-Suresinin-Dolmasi\"><\/span>Sertifika Ge\u00e7ersizli\u011fi veya S\u00fcresinin Dolmas\u0131<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>En s\u0131k kar\u015f\u0131la\u015f\u0131lan handshake hatas\u0131 nedenlerinden biridir. Sunucunun istemciye sundu\u011fu SSL sertifikas\u0131 \u00e7e\u015fitli nedenlerle ge\u00e7ersiz olabilir:<\/p>\n<ul>\n<li><b>S\u00fcre Dolmas\u0131:<\/b> SSL sertifikalar\u0131n\u0131n belirli bir ge\u00e7erlilik s\u00fcresi vard\u0131r (genellikle bir y\u0131l). Bu s\u00fcre doldu\u011funda sertifika yenilenmezse, taray\u0131c\u0131lar taraf\u0131ndan g\u00fcvensiz olarak i\u015faretlenir.<\/li>\n<li><b>Alan Ad\u0131 Uyu\u015fmazl\u0131\u011f\u0131:<\/b> Sertifika, ziyaret etmeye \u00e7al\u0131\u015ft\u0131\u011f\u0131n\u0131z alan ad\u0131 i\u00e7in de\u011fil, farkl\u0131 bir alan ad\u0131 (\u00f6rne\u011fin, www.example.com yerine mail.example.com) i\u00e7in d\u00fczenlenmi\u015f olabilir. Bu duruma &#8220;sertifika ad uyu\u015fmazl\u0131\u011f\u0131 hatas\u0131&#8221; denir.<\/li>\n<li><b>G\u00fcvenilmeyen Sertifika Otoritesi (CA):<\/b> Sertifika, taray\u0131c\u0131n\u0131n g\u00fcvenilir CA listesinde bulunmayan bir otorite taraf\u0131ndan imzalanm\u0131\u015f olabilir. Bu genellikle kendi kendine imzalanan (self-signed) sertifikalar kullan\u0131ld\u0131\u011f\u0131nda ortaya \u00e7\u0131kar.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Protokol-Versiyonu-Uyusmazligi\"><\/span>Protokol Versiyonu Uyu\u015fmazl\u0131\u011f\u0131<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Handshake&#8217;in ilk ad\u0131mlar\u0131nda, istemci ve sunucu kullanacaklar\u0131 TLS versiyonu \u00fczerinde anla\u015fmal\u0131d\u0131r. E\u011fer istemcinin destekledi\u011fi en y\u00fcksek TLS versiyonu ile sunucunun destekledi\u011fi en y\u00fcksek versiyon aras\u0131nda ortak bir nokta yoksa, el s\u0131k\u0131\u015fma ba\u015far\u0131s\u0131z olur. \u00d6rne\u011fin, modern bir taray\u0131c\u0131 yaln\u0131zca TLS 1.2 ve 1.3&#8217;\u00fc desteklerken, \u00e7ok eski ve g\u00fcncellenmemi\u015f bir sunucu yaln\u0131zca g\u00fcvensiz olan SSL 3.0&#8217;\u0131 destekliyorsa, ortak bir protokol bulamazlar ve ba\u011flant\u0131 kurulamaz.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Cipher-Suite-Uyusmazligi\"><\/span>Cipher Suite Uyu\u015fmazl\u0131\u011f\u0131<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Protokol versiyonu gibi, istemci ve sunucunun ortak, desteklenen bir \u015fifreleme paketinde (cipher suite) de anla\u015fmas\u0131 gerekir. \u0130stemci, destekledi\u011fi \u015fifreleme paketlerinin bir listesini sunar. Sunucu bu listeyi inceler ve kendi destekledi\u011fi paketlerle kar\u015f\u0131la\u015ft\u0131r\u0131r. E\u011fer sunucu, istemcinin listesindeki hi\u00e7bir \u015fifreleme paketini desteklemiyorsa, bir anla\u015fmaya var\u0131lamaz ve handshake sona erer. Bu durum genellikle sunucunun \u00e7ok k\u0131s\u0131tlay\u0131c\u0131 g\u00fcvenlik politikalar\u0131 veya istemcinin \u00e7ok eski olmas\u0131 nedeniyle ya\u015fanabilir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Yanlis-Sunucu-veya-Istemci-Yapilandirmasi\"><\/span>Yanl\u0131\u015f Sunucu veya \u0130stemci Yap\u0131land\u0131rmas\u0131<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Bazen sorun, protokoller veya sertifikalardaki temel bir uyumsuzluktan ziyade, sunucu veya istemci taraf\u0131ndaki yanl\u0131\u015f yap\u0131land\u0131rmalardan kaynaklan\u0131r.<\/p>\n<ul>\n<li><b>Sunucu Taraf\u0131:<\/b> SSL sertifikas\u0131n\u0131n do\u011fru bir \u015fekilde kurulmam\u0131\u015f olmas\u0131, ara sertifikalar\u0131n (intermediate certificates) eksik olmas\u0131 veya sunucunun g\u00fcvenlik duvar\u0131 (firewall) kurallar\u0131n\u0131n TLS trafi\u011fini engellemesi gibi sorunlar handshake hatalar\u0131na yol a\u00e7abilir.<\/li>\n<li><b>\u0130stemci Taraf\u0131:<\/b> Kullan\u0131c\u0131n\u0131n bilgisayar\u0131ndaki saatin ve tarihin yanl\u0131\u015f olmas\u0131, sertifika ge\u00e7erlilik tarihlerinin hatal\u0131 yorumlanmas\u0131na neden olabilir. Benzer \u015fekilde, baz\u0131 antivir\u00fcs yaz\u0131l\u0131mlar\u0131 veya kurumsal a\u011f proxy&#8217;leri, \u015fifreli trafi\u011fi denetlemek i\u00e7in m\u00fcdahale ederek handshake s\u00fcrecini bozabilir ve hatalara neden olabilir.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"SSLTLS-Sertifikasi-Ihtiyaclariniz-Icin-Neden-IHS-Telekomu-Tercih-Etmelisiniz\"><\/span>SSL\/TLS Sertifikas\u0131 \u0130htiya\u00e7lar\u0131n\u0131z \u0130\u00e7in Neden \u0130HS Telekom&#8217;u Tercih Etmelisiniz?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Web sitenizin g\u00fcvenli\u011fi, ziyaret\u00e7ilerinizin g\u00fcvenini kazanmak ve dijital varl\u0131\u011f\u0131n\u0131z\u0131 korumak i\u00e7in en temel gerekliliktir. SSL\/TLS handshake s\u00fcrecinin sorunsuz i\u015flemesi ve sitenizin &#8220;g\u00fcvenli&#8221; olarak i\u015faretlenmesi, do\u011fru SSL sertifikas\u0131n\u0131 se\u00e7mek ve kurmakla ba\u015flar. \u0130HS Telekom olarak, her \u00f6l\u00e7ekten i\u015fletmenin g\u00fcvenlik ihtiya\u00e7lar\u0131n\u0131 kar\u015f\u0131layacak geni\u015f bir <a href=\"https:\/\/www.ihs.com.tr\/ssl\/\">SSL sertifikas\u0131<\/a> yelpazesi ve uzman deste\u011fi sunuyoruz.<\/p>\n<p>Tek bir alan ad\u0131n\u0131 korumak i\u00e7in temel D\u00fczey SSL sertifikalar\u0131ndan, t\u00fcm alt alan adlar\u0131n\u0131z\u0131 tek bir sertifika ile g\u00fcvence alt\u0131na alan <strong><a href=\"https:\/\/www.ihs.com.tr\/ssl\/wildcard-ssl.html\">Wildcard SSL<\/a><\/strong> sertifikalar\u0131na; birden fazla alan ad\u0131n\u0131 tek bir sertifikada birle\u015ftiren <strong><a href=\"https:\/\/www.ihs.com.tr\/ssl\/multi-domain-ssl.html\">Multi-Domain SSL<\/a><\/strong> \u00e7\u00f6z\u00fcmlerinden, en y\u00fcksek d\u00fczeyde g\u00fcven ve ye\u015fil adres \u00e7ubu\u011fu sa\u011flayan <strong><a href=\"https:\/\/www.ihs.com.tr\/ssl\/ev-ssl.html\">EV (Extended Validation) SSL<\/a><\/strong> sertifikalar\u0131na kadar t\u00fcm ihtiya\u00e7lar\u0131n\u0131za y\u00f6nelik \u00e7\u00f6z\u00fcmlerimiz mevcuttur. D\u00fcnya lideri sertifika otoriteleri olan <strong><a href=\"https:\/\/www.ihs.com.tr\/ssl\/digicert-ssl.html\">DigiCert<\/a><\/strong>, <strong><a href=\"https:\/\/www.ihs.com.tr\/ssl\/geotrust-ssl.html\">GeoTrust<\/a><\/strong> ve <strong><a href=\"https:\/\/www.ihs.com.tr\/ssl\/rapidssl.html\">RapidSSL<\/a><\/strong> gibi markalar\u0131n yetkili sa\u011flay\u0131c\u0131s\u0131 olarak, projenize en uygun sertifikay\u0131 se\u00e7menizde size yard\u0131mc\u0131 oluyoruz. Teknik destek ekibimiz, sertifika kurulumu ve olas\u0131 handshake hatalar\u0131n\u0131n \u00e7\u00f6z\u00fcm\u00fc konusunda her zaman yan\u0131n\u0131zdad\u0131r. G\u00fcvenli\u011finizi \u015fansa b\u0131rakmay\u0131n, \u0130HS Telekom&#8217;un tecr\u00fcbesi ve g\u00fcvenilir altyap\u0131s\u0131 ile web sitenizi bug\u00fcn g\u00fcvence alt\u0131na al\u0131n.<\/p>\n<p>Anla\u015f\u0131ld\u0131, uzman bir i\u00e7erik yazar\u0131 olarak, verilen makale tasla\u011f\u0131 ve kurallar do\u011frultusunda SEO uyumlu, bilgilendirici ve okuyucu odakl\u0131 bir HTML makalesi olu\u015fturaca\u011f\u0131m.<\/p>\n<p>\u0130nternet \u00fczerinde her g\u00fcn milyarlarca veri al\u0131\u015fveri\u015fi ger\u00e7ekle\u015fir. \u00c7evrimi\u00e7i al\u0131\u015fveri\u015f yaparken kredi kart\u0131 bilgilerinizi girmekten, sosyal medya hesab\u0131n\u0131za giri\u015f yapmaya kadar t\u00fcm bu i\u015flemler, verilerinizin g\u00fcvenli bir \u015fekilde iletilmesini gerektirir. \u0130\u015fte bu g\u00fcvenli ileti\u015fimin temel ta\u015f\u0131, SSL\/TLS &#8220;handshake&#8221; olarak bilinen dijital el s\u0131k\u0131\u015fma s\u00fcrecidir. Bu s\u00fcre\u00e7, taray\u0131c\u0131n\u0131z ile ba\u011fland\u0131\u011f\u0131n\u0131z web sunucusu aras\u0131nda g\u00fcvenli, \u015fifreli bir ileti\u015fim kanal\u0131 kurarak hassas bilgilerinizin \u00fc\u00e7\u00fcnc\u00fc \u015fah\u0131slar\u0131n eline ge\u00e7mesini engeller. Bu makalede, SSL\/TLS handshake&#8217;in ne oldu\u011funu, neden bu kadar \u00f6nemli oldu\u011funu ve bu karma\u015f\u0131k s\u00fcrecin perde arkas\u0131nda nas\u0131l \u00e7al\u0131\u015ft\u0131\u011f\u0131n\u0131 ad\u0131m ad\u0131m inceleyece\u011fiz.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u0130nternet \u00fczerinde her g\u00fcn milyarlarca veri al\u0131\u015fveri\u015fi ger\u00e7ekle\u015fir. \u00c7evrimi\u00e7i al\u0131\u015fveri\u015f yaparken kredi kart\u0131 bilgilerinizi girmekten, sosyal medya hesab\u0131n\u0131za giri\u015f yapmaya kadar t\u00fcm&hellip;<\/p>\n","protected":false},"author":3,"featured_media":15117,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[400],"tags":[],"class_list":["post-15116","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ssl-sertifikasi"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/15116","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=15116"}],"version-history":[{"count":2,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/15116\/revisions"}],"predecessor-version":[{"id":15119,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/15116\/revisions\/15119"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media\/15117"}],"wp:attachment":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=15116"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=15116"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=15116"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}