TLS (Transport Layer Security): The foundation of Internet security

What is TLS?

TLS (Transport Layer Security) enables encrypted communication on the Internet. It protects the daily online activities of billions of people, such as online banking, sending emails, and using social media.

TLS is a protocol whose purpose is to enable secure transmission of information over the network. For a detailed specification of the protocol, you can refer to here.

What is the difference between SSL and TLS?

SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are essentially the same thing. Originally developed by Netscape, SSL eventually changed its name to TLS, after which new SSL versions were referred to as TLS. After SSLv3, there was no SSLv3.1 or SSLv4, but TLSv1. SSLv3 was the last version of the protocol called SSL.

The more specific historical reason was that when the security flaws of SSL version three came to light, the IETF took the lead and released TLS 1.0 in 1999, which was essentially SSL 3.1. Since then, TLS has evolved, and today TLS 1.3 is in use, providing improved security and efficiency.

TLS operation principle

The operation of the protocol can be divided into four key phases:

Handshake: At this stage, for example, the browser and server exchange greetings and agree on the encryption algorithm, keys, and other security parameters to be used.

Certificate exchange and verification: The server sends its TLS certificate, which contains the server's public key and is signed by a trusted certificate authority (CA). The browser verifies the authenticity of the certificate.

Encryption negotiation: The parties agree on a symmetric encryption key to be used during the session.

Data transfer: All data to be sent and received is encrypted with the agreed key and transferred securely.

The protocol combines quite a lot of things that have been learned earlier in this course, such as asymmetric encryption, symmetric encryption, cryptographic hash functions, and digital signatures.

We will delve into these deeper soon, but first we need to go through an important matter, namely certificates.

TLS Handshake

TLS connection starts with a handshake. Here is a summary of the handshake flow.

• ClientHello: The client sends a message that includes supported encryption protocols, encryption methods, and a random number.
• ServerHello: The server selects the protocol and encryption method from the client's proposals and sends back its selections to the client along with a random number.
• Server Certificate: The server sends the client a digital certificate containing the server's public key and authenticates the server.
• ServerKeyExchange (optional): This message is used if the selected encryption method requires additional information for key exchange.
• ServerHelloDone: Indicates that the server has finished sending "Hello" messages and is waiting for the client's response.
• ClientKeyExchange: Client creates the "pre-master secret" and encrypts it with the server's public key, sending the information to the server.
• CertificateVerify (optional): If the client sent its own certificate, it now sends a signature that verifies the certificate.
• [ChangeCipherSpec]: Both the client and the server send this message to each other to notify that the following messages are encrypted using the agreed upon encryption method.
• Finished: Both parties send each other a message to confirm the success of the handshake phase and that encryption is now in use.

TLS handshake ensures that the client and server have agreed on common encryption parameters securely, without outsiders being able to eavesdrop or manipulate the exchanged data. The encrypted connection formed at the end of the handshake ensures the integrity, confidentiality, and authentication of the data throughout the entire communication.