TLS (Transport Layer Security) is a cryptographic protocol that provides secure communication over a computer network by ensuring privacy, integrity and confidentiality of data while in transit. It prevents data tampering and eavesdropping and can be used for email, file transfers, www, and video or audio conferencing applications.
The TLS protocol was defined for the first time in 1999. It evolved from Secure Socket Layers (SSL) and is based on SSL 3.0, successfully replacing this now-deprecated prototype.
Transport Layer Security uses various cryptographic processes:
- Public-key cryptography is used to provide authentication.
- Secret-key cryptography has hash functions to ensure privacy and data integrity.
The solution helps to better secure connection between a minimum of two applications, and ensures interoperability between devices.
The TLS protocol can be divided into two layers. The first one consists of a handshake protocol, and the second layer is the record protocol. The handshake protocol agrees upon the necessary specifications (e.g. keys) for the data application exchange between the client requesting the data and the server reacting to that request.
The process of information exchange between the client and server is called a handshake.
- Negotiation – here, the set of cryptographic algorithms are negotiated and chosen between the client and server.
- (Voluntary) Authentication of the server's identity – the client might check the server's public key certificate at this stage.
- Key exchange – the client and server are able to communicate securely now using encrypted data.
Although TLS is based on the SSL protocol, it does not mean that they are the same. TLS is a boosted version of SSL offering an improved level of security. All the deployed versions of SSL have been classified as vulnerable, and the whole protocol is now deprecated. TLS has also had some defeats – TLS 1.0 and 1.1 are also described as deprecated now, but version 1.2 is widely deployed and popular.