The basics of Transport Layer Security (TLS)

Pranav Bawgikar

What is Transport Layer Security?

Transport Layer Security, or TLS, is a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet. A primary use case of TLS is encrypting the communication between web applications and servers, such as web browsers loading a website. TLS can also be used to encrypt other communications such as email, messaging, and Voice over IP (VoIP).

TLS is designed to provide security at the transport layer. It was derived from a security protocol called Secure Sockets Layer (SSL). TLS ensures that no third party may eavesdrop on or tamper with any message.

How TLS Works

For a website or application to use TLS, it must have a TLS certificate installed on its origin server (the certificate is also known as an "SSL certificate").

A TLS certificate is issued by a Certificate Authority (CA) to the person or business that owns a domain. The certificate contains important information about who owns the domain, along with the server's public key—both of which are important for validating the server's identity.

The TLS Handshake

A TLS connection is initiated using a sequence known as the TLS handshake. When a user navigates to a website that uses TLS, the TLS handshake begins between the user's device (also known as the client device) and the web server.

During the TLS handshake, the user's device and the web server:

  • Specify which version of TLS (e.g., TLS 1.0, 1.2, 1.3, etc.) they will use.

  • Decide on which cipher suites they will use.

  • Authenticate the identity of the server using the server's TLS certificate.

  • Generate session keys for encrypting messages between them after the handshake is complete.

Cipher Suites and Public Key Cryptography

The TLS handshake establishes a cipher suite for each communication session. The cipher suite is a set of algorithms that specifies details such as which encryption and integrity algorithms will be used with the shared encryption keys, or session keys, for that particular session.

TLS is able to set the matching session keys over an unencrypted channel thanks to a technology known as public key cryptography.

The handshake also handles authentication, which usually consists of the server proving its identity to the client. This is done using public keys.

Public keys are encryption keys that use one-way encryption. Anyone with the public key can unscramble data that was encrypted with the server's private key, which confirms its authenticity, but only the holder of the private key (the original sender) can produce that data. This is the principle behind a digital signature. The server's public key is part of its TLS certificate.
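An added example, not part of the original article: the client-side settings in Python's standard `ssl` module that correspond to the handshake steps and the cipher suite negotiation described above, next to the misconfiguration that skips server authentication. The function names and the cipher string are choices made for this example.

```python
import ssl

def hardened_client_context() -> ssl.SSLContext:
    """Client policy covering each handshake step: version, suites, authentication."""
    ctx = ssl.create_default_context()              # loads the system's trusted CA roots
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2    # version step: refuse TLS 1.0 and 1.1
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")  # TLS 1.2 suites: ECDHE with AEAD only
    ctx.check_hostname = True                       # certificate must name the host we dialed
    ctx.verify_mode = ssl.CERT_REQUIRED             # chain must end at a trusted CA
    return ctx

def weak_client_context() -> ssl.SSLContext:
    """Pattern to flag in code review: traffic is encrypted, the server is never authenticated."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be disabled before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def audit_context(ctx: ssl.SSLContext) -> list:
    """Return one finding per handshake step that the context leaves unprotected."""
    findings = []
    if ctx.minimum_version not in (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3):
        findings.append("version: protocol versions older than TLS 1.2 are allowed")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("authentication: certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("authentication: hostname is not checked against the certificate")
    return findings

def offered_suites(ctx: ssl.SSLContext) -> list:
    """Split every cipher suite the client will offer into its component algorithms."""
    return [
        (s["name"], s["protocol"], s.get("kea"), s.get("auth"), s.get("symmetric"))
        for s in ctx.get_ciphers()
    ]

if __name__ == "__main__":
    for label, ctx in (("hardened", hardened_client_context()),
                       ("weak", weak_client_context())):
        print(label, "findings:", audit_context(ctx) or "none")
    for name, proto, kea, auth, cipher in offered_suites(hardened_client_context()):
        print(f"{name:32} {proto:8} kx={kea} auth={auth} cipher={cipher}")
```

`set_ciphers` only restricts the TLS 1.2 and older suites; the TLS 1.3 suites, whose names start with `TLS_`, stay enabled and appear in the list as well.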

Message Authentication Code (MAC)

Once data is encrypted and authenticated, it is then signed with a Message Authentication Code (MAC). The recipient can verify the MAC to ensure the integrity of the data.

This is similar to the tamper-proof foil found on a bottle of aspirin: the consumer knows no one has tampered with their medicine because the foil is intact when they purchase it.

Benefits of TLS

  • Encryption: TLS/SSL helps to secure transmitted data using encryption.

  • Interoperability: TLS/SSL works with most web browsers, including Microsoft Internet Explorer, and on most operating systems and web servers.

  • Algorithm Flexibility: TLS/SSL provides operations for authentication mechanisms, encryption algorithms, and hashing algorithms that are used during the secure session.

  • Ease of Deployment: Many applications support TLS/SSL deployment on Windows Server 2003 operating systems.

  • Ease of Use: Because TLS/SSL is implemented beneath the application layer, most of its operations are completely invisible to the client.
