Transport Layer Security Protocol (TLS)

Introduction

Secure Socket Layer / Transport Layer Security

SSL and the newer TLS are technologies that allow the secure encryption and transmission of data across the internet. Without these technologies any data sent across the internet would be susceptible to interception by third parties.

This data could include:

  • Personal information – home address, telephone number
  • Sensitive information – medical information, criminal record information
  • Financial information – banking logins/passwords & credit card information

TLS & Digital certificates work to ensure that data cannot be read / tampered with if intercepted and that you have protection against man-in-the-middle attacks.

 

TLS Layers

Transport Layer Security contains two components, or layers, each with a particular purpose.

  • Handshake Layer/Protocol
  • Record Layer / Protocol

 

Handshake Protocol

Handshake Protocol

The TLS Handshake is used to establish encryption and trust between the server and client. Below is the handshake used in TLS 1.2, not the newer TLS 1.3 which is a little different.

Step 1 – Client Hello

In the first step the client sends a message to the server listing the various encryption technologies that the client supports.

This includes:

  • The version of SLL/TLS that the client supports
  • The encryption algorithms that the client supports
  • Data compression algorithms

Step 2 – Server Hello

The server responds with:

  • The chosen set of encryption algorithms to be used. This is known as the Cypher Suite.
  • A session ID to be used for the remainder of the connection
  • The server’s digital certificate, which contains the server’s public key

Step 3 – Verify the digital certificate

The client contacts the certificate authority listed on the digital certificate and checks that the certificate is authentic and is still valid, thereby verifying the identity of the server.

Step 4 – Secret key sharing

The client sends a secret key, encrypted with the server’s public key, to be used as a shared key for symmetric encryption for the remainder of the session.

Note: Most web servers actually use Diffie-Hellman Ephemeral Key Exchange for the session encryption as it provides perfect forward secrecy.

Step 5 – Server responds handshake complete

The server responds with a message encrypted using the shared symmetric key, indicating that the handshake is complete and the session then begins.

Record Protocol

Record Protocol

Once a secure session is established the remainder of the session is secured using the cypher suite, symmetric keys and compression agreed during the handshake protocol.

 

 

 

Videos

Great Simplified Introduction

A more in-detail video

Resources