Skip to main content

Transport Layer Security (TLS)

Transport Layer Security (TLS) (in Spanish security of the transport layer), is an encryption protocol that is used for the transmission of data on the Internet. The protocol describes a general standard that can be implemented in specific settings. Transport Layer Security is one of the most widely used encryption protocols. At the same time transporting data between a browser and a web server, as is the case with HTTPS, TLS is also used for sending emails, FTP and VPN connections, as well as for instant messaging and voice over IP. TLS is mainly used in areas where it consists of sensitive datasuch as online banking, customer data storage, passwords, and digital communications. The objective is to ensure the secure transmission of data and to ensure the highest degree of integrity of the users of the communication.

General information

The development of TLS went hand in hand with the development of the Internet. It was introduced in the mid-1990s alongside the Netscape browser, SSL 1.0. In 1999, SSL was renamed TLS 1.0 and was further improved. Over time, the IETF proposed several RFCs (Request for Comments) as standards. Since January 2016, this has been the case for TLS 1.3, which is in the development stage. The current valid standard is TLS 1.2. It took 14 years to go from SSL to TLS 1.2, so TLS must be considered one of the most secure network protocols ever.[1]

TLS and the obsolete SSL protocol are often considered the same thing and are used incorrectly as synonyms. TLS has been built on SSL, but it is considered to be an independent and fundamentally newer encryption protocol. Because TLS also includes authentication, key generation, new encryption algorithms, as well as different cipher suites, it is currently used many times for data transmission over networks. TLS is also relatively easy to use in protocols without security mechanisms. TLS is additionally extensible and backward compatible, so both the latest encryption algorithms and outdated network protocols can be supported.

How does it work

TLS schematically manages each data transmission as communication between sender and receiver, for example, between client and server. The TLS protocol is used at a specific point in the information technology architecture, which is also called the OSI model or the TCP / IP reference model. TLS operates at the transport layer, where digital communication data flows are managed. This layer is part of the transport system, which is separated from the application layer and, therefore, from the user. This means that users do not have to worry about the characteristics of the system used for data transmission, and they can also use the system without knowledge of the network.

The transport layer enables end-to-end encryption, so the application layer is always an implementation of the higher standard TLS protocol. HTTPS is, for example, an application of TLS. The same applies to POP3S, SMTPS, and IMAPS, all of which allow secure transmission of email. For other apps, such as chats, VPN connections or FTP data transfer, there are adapted protocols that make TLS applicable in practice. TLS is a basic concept that can have many different apps or instances.

In general, TLS has three goals, regardless of its practical use:[2]

  • Encryption: Any message or information that is transmitted is protected against access by third parties by means of encryption algorithms.
  • Authentication: Any communication between the sender and the receiver requires a mechanism to verify these identities on the network.
  • Integrity: No message or information can be tampered with or forged afterwards.

Transport Layer Security (TLS)

The transport layer security encryption protocol or transport yesterday security It consists of two basic components, each of which is designed to meet specific objectives. The first part refers to the actual data transmission, the second part includes mechanisms to authenticate users communication before a data transmission takes place. Only when the client and the server have mutually verified their reliability, the first bits of data are transmitted in encrypted format over the transport layer.

TLS registration protocol

The purpose of the TLS registration protocol is secure data transmission. This is achieved through encryption algorithms such as the Advanced Encryption Standard (AES). Symmetric encryption is used to encrypt the data to be transmitted, as well as the key that is exchanged between the sender and the receiver using a separate protocol. Each key is valid only for one connection and only communication users who have the key can enter that data.

To check whether the data streams have been tampered with, a message authentication code (MAC). This code allows you to check against a cryptographic hash table that can only be interpreted by senders and recipients who have the key. Hence, they promise themselves that the data comes simply from a source that has the key and that it has not been tampered with or forged afterwards.

TLS handshake protocol

Key exchange is a crucial issue in any encryption. Transport layer security solves this problem by means of a type of handshake between the transmitter and the receiver for connection setup. This handshake regulates, on the one hand, the handover of keys. Apart from this, it is responsible for the authentication of the participants in the communication using asymmetric encryption methods and a public key infrastructure, which distributes and verifies the certificates. The keys that are used in addition are negotiated by means of the handshake. The handshake protocol includes three other protocols that specify the keys used, issue error messages, and store app data:

  • TLS Change Cipher Spec Protocol.
  • TLS alert protocol.
  • TLS application data protocol.

Relevance for SEO

As a hybrid encryption method, TLS has acquired a huge importance in Internet security. TLS combines symmetric and asymmetric procedures, as well as mechanisms to verify the authenticity and integrity of data flows and messages. The concept is modular and different encryption options are combined. The Chipher Suite contains algorithms that comply with the most modern encryption standards.

However, the modular structure of the Transport Layer Security is at the same time a disadvantage if the procedures are not up to date. The faulty implementations are also a common obstacle. Users can make mistakes when configuring encryption protocols if the infrastructure is complex (for example, virtual hosting, large sites with CDN systems, and service-focused architectures). For such scenarios, however, protocol collections and program libraries are offered, which have been adapted for the respective application areas. This is also known as Authenticated encryption (AE).

Alternatively, it is also feasible to use a server name hint if there are multiple encrypted sites on a server. A version of the Diffie-Hellmann algorithm can be used for handover of keys to avoid data manipulation (Perfect Forward Security).

Web Links