TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are cryptographic protocols that provide security for communication over the Internet. TLS and SSL encrypt segments of network connections at the application layer (above the transport layer), using asymmetric cryptography to establish the session keys and a message authentication code to protect the integrity of each message.
Several versions of the protocols are widely used in Internet browsing, e-mail, Internet fax, instant messaging, and voice-over-IP (VoIP).
TLS is an IETF standards track protocol, last updated in RFC 5246, and is based on the earlier SSL specifications developed by Netscape Communications.
Description
TLS allows client/server applications to communicate over the network in a way designed to prevent eavesdropping and tampering.
The TLS client and server negotiate a dynamic connection through a so-called handshake. In it, they agree on various parameters used to establish the encrypted connection.
The procedure starts when the client connects to a TLS server, requests a secure connection, and presents the server with a list of the cipher suites (ciphers and hash functions) it supports. From this list, the server selects the strongest cipher and hash function and notifies the client of its decision.
The server sends back its identification in the form of a digital certificate. The certificate usually contains the name of the server, the certificate authority (CA) that issued it, and the server's public encryption key. The client can contact the CA that issued the certificate and verify the validity of the certificate before proceeding.
To generate the session keys used for a secure connection, the client encrypts a random number with the server’s public key and sends the result to the server. Only the server can decrypt it with its private key. This completes the handshake process and begins a secure encrypted connection.
If any of the above steps fail, the TLS handshake fails and the connection is not established.
Protection
This protocol provides security in a way that is invisible to the user. The operations carried out by the protocol take place above the basic services layer of the Internet protocol stack. Software that uses the Transmission Control Protocol assigns a port, or socket, to each end of the connection; this maps the communicating software procedures at each end of the connection to one another, so that the two parties can be put in contact.
Principle
Most of the protocol's procedures are carried out once information has been exchanged and a secure communication channel has been requested. The protocol begins working when the user's computer requests a secure connection from the server. The request the user makes determines which encryption algorithm can be used, in addition to supplying the challenge text. (The challenge text, in brief, is random material that is echoed back inside the encrypted content to prevent the re-transmission of encrypted texts that were used previously; because the challenge differs each time, the resulting encrypted texts differ as well.)
The authentication that the server returns is in the form of a certificate containing the signature over the server's declared key, together with the server's preference for the encryption algorithm that will be used. The user's computer then generates the initial secret, encrypts it with the server's public key, and sends the result to the server. The server recovers the initial secret from the encrypted message with its own private key, and uses this secret to generate the keys needed to send messages.
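The handshake described in the Description section and again here (cipher-suite selection, certificate check, a client-generated secret encrypted with the server's public key, and session keys derived from it) can be traced step by step in a small simulation. The following is an added example and not code from the original page or from any TLS implementation: it uses textbook, unpadded RSA on constructed Mersenne primes, a constructed trust store, constructed cipher-suite names and a constructed certificate, so it demonstrates the flow of the protocol, not usable cryptography. Message integrity is shown with an HMAC over each record, which is the role of the message authentication code mentioned at the top of the page.

```python
"""Simulated TLS-style handshake with RSA key exchange (the flow of TLS 1.2 and
earlier). Added illustration, not real TLS: the RSA keys are tiny, textbook
(unpadded) and built from constructed primes, so nothing here is secure."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


class HandshakeError(Exception):
    """Any failed step aborts the handshake; no connection is established."""


# --- textbook RSA on constructed Mersenne primes (insecure, demo only) --------
E = 65537


def make_keypair(p, q):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))  # (public, private)


SERVER_PUB, SERVER_PRIV = make_keypair((1 << 31) - 1, (1 << 61) - 1)
CA_PUB, CA_PRIV = make_keypair((1 << 89) - 1, (1 << 107) - 1)
TRUSTED_CAS = {"Example Root CA": CA_PUB}  # the client's constructed trust store


def cert_digest(subject, issuer, pub, not_after):
    data = f"{subject}|{issuer}|{pub[0]}|{pub[1]}|{not_after}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


@dataclass
class Certificate:
    subject: str
    issuer: str
    public_key: tuple
    not_after: int  # expiry as a Unix timestamp (constructed value)
    signature: int

    @classmethod
    def issue(cls, subject, pub, not_after, issuer, ca_priv):
        n, d = ca_priv  # CA signs the (reduced) digest with its private key
        sig = pow(cert_digest(subject, issuer, pub, not_after) % n, d, n)
        return cls(subject, issuer, pub, not_after, sig)

    def verify(self, expected_host, now):
        """Client-side checks: trusted issuer, CA signature, name, expiry."""
        ca_pub = TRUSTED_CAS.get(self.issuer)
        if ca_pub is None:
            raise HandshakeError(f"untrusted issuer {self.issuer!r}")
        n, e = ca_pub
        want = cert_digest(self.subject, self.issuer, self.public_key, self.not_after) % n
        if pow(self.signature, e, n) != want:
            raise HandshakeError("certificate signature does not verify")
        if self.subject != expected_host:
            raise HandshakeError("certificate name mismatch")
        if now > self.not_after:
            raise HandshakeError("certificate expired")


# --- cipher-suite negotiation: server preference, strongest first ----------------
SERVER_SUITES = ["AES256-GCM-SHA384", "AES128-GCM-SHA256", "AES128-CBC-SHA"]


def choose_suite(client_offer):
    for suite in SERVER_SUITES:  # first server-preferred suite the client offered
        if suite in client_offer:
            return suite
    raise HandshakeError("no shared cipher suite")


# --- key derivation and MAC-protected records (simplified, not the TLS PRF) -----
def derive_key(master, label, client_random, server_random):
    msg = label.encode() + client_random + server_random
    return hmac.new(master, msg, hashlib.sha256).digest()


def protect(mac_key, seq, payload):
    """Append a MAC over the sequence number and payload (integrity only)."""
    tag = hmac.new(mac_key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()
    return payload + tag


def unprotect(mac_key, seq, record):
    payload, tag = record[:-32], record[-32:]
    want = hmac.new(mac_key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise HandshakeError("record MAC check failed; message was altered")
    return payload


def handshake(client_offer, server_cert, host, now):
    """Run the simulated handshake; returns (suite, client MAC key, server MAC key)."""
    suite = choose_suite(client_offer)                     # ServerHello
    server_cert.verify(host, now)                          # client checks certificate
    client_random, server_random = secrets.token_bytes(32), secrets.token_bytes(32)
    n, e = server_cert.public_key
    pre_master = secrets.randbelow(n)                      # client's random number
    encrypted = pow(pre_master, e, n)                      # only the server can open it
    n_s, d_s = SERVER_PRIV
    server_copy = pow(encrypted, d_s, n_s)                 # server decrypts it
    client_key = derive_key(pre_master.to_bytes(12, "big"), "mac key", client_random, server_random)
    server_key = derive_key(server_copy.to_bytes(12, "big"), "mac key", client_random, server_random)
    return suite, client_key, server_key


# Constructed demo certificate for a constructed host name
SERVER_CERT = Certificate.issue("www.example.test", SERVER_PUB, 2_000_000_000,
                                "Example Root CA", CA_PRIV)

if __name__ == "__main__":
    suite, ck, sk = handshake(["AES128-CBC-SHA", "AES128-GCM-SHA256"],
                              SERVER_CERT, "www.example.test", now=1_700_000_000)
    print("negotiated", suite, "keys match:", ck == sk)
    print(unprotect(sk, 0, protect(ck, 0, b"GET / HTTP/1.1")))
```

Each branch that raises HandshakeError corresponds to the page's rule that a failed step leaves no connection established; the server's suite choice shows that the outcome depends on the server's own ordering, not on the order the client lists its suites.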
Uses
The SSL protocol can encrypt all communication between two ports transparently and without user intervention, which provides security for all Internet applications, especially e-mail, Telnet and the File Transfer Protocol, in addition to the various exchanges that take place on the Web, all of which can be protected by SSL.