Hi,

The certificates in TLS are X.509 and are transmitted in .der format, but TLS implementations usually can load/import them from .pem format as well.

The key exchange mode and the exact certificate being sent are negotiated by the client and the server and depend on their configuration and capabilities.

Here are some diagrams on the different versions:
https://tls12.xargs.org/

https://tls13.xargs.org/

I hope this helps.

Regards,

Janos

From: Satya Prakash Prasad via mbed-tls <mbed-tls@lists.trustedfirmware.org>
Date: Saturday, 13 January 2024 at 13:42
To: mbed-tls@lists.trustedfirmware.org <mbed-tls@lists.trustedfirmware.org>
Subject: [mbed-tls] MBed TLS Tutorial

Hi,

Referring to the example in https://mbed-tls.readthedocs.io/en/latest/kb/how-to/mbedtls-tutorial/ (secure connection), does the secret key exchange take place between server and client?

Is there any flowchart / diagram that states what happens during the server-client connection - how the keys are exchanged and what types of certs are exchanged, I mean like .pem, X.509 etc?

Can we take it that, whatever the type of certificate, the code implementation is the same for all TLS communication?

Thanks in advance.

Regards,

Prakash
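
The relationship between .pem on disk and .der on the wire described in the reply above, as an added Python example that is not part of the original thread and is not Mbed TLS code. All function names are hypothetical, the sample bytes are a constructed placeholder with the outer shape of an X.509 certificate (not a real one), and the framing shown is the TLS 1.2 `certificate_list` layout only.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_to_der(pem_text):
    """PEM is base64 text around DER: return the DER bytes of every certificate block."""
    return [base64.b64decode("".join(m.split()), validate=True)
            for m in PEM_RE.findall(pem_text)]

def der_to_pem(der):
    """Wrap DER bytes in PEM armor with 64-character base64 lines."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def read_tlv(buf, pos=0):
    """Parse one DER tag-length-value; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def looks_like_certificate(der):
    """Shape check only: one SEQUENCE holding exactly 3 elements, no trailing bytes."""
    try:
        tag, body, end = read_tlv(der)
        count, pos = 0, 0
        while pos < len(body):
            _, _, pos = read_tlv(body, pos)
            count += 1
    except (ValueError, IndexError):
        return False
    return tag == 0x30 and end == len(der) and count == 3

def tls12_certificate_list(ders):
    """TLS 1.2 framing: 3-byte list length, then 3-byte length + raw DER per certificate."""
    entries = b"".join(len(d).to_bytes(3, "big") + d for d in ders)
    return len(entries).to_bytes(3, "big") + entries

# Constructed placeholder: SEQUENCE { SEQUENCE{}, SEQUENCE{}, BIT STRING(200 zero bytes) }
SAMPLE_DER = b"\x30\x81\xd0" + b"\x30\x00\x30\x00" + b"\x03\x81\xc9\x00" + bytes(200)
SAMPLE_PEM = der_to_pem(SAMPLE_DER)
```

The shape check does not validate a certificate; signature, validity period and chain verification are the job of the TLS library.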