TLS/SSL Protocol

Transport Layer Security (TLS) is a cryptographic protocol that provides secure communication over a computer network, including the Internet, WANs, and LANs. It is the successor of Secure Sockets Layer (SSL). Both are often referred to as SSL.

The TLS protocol (RFC 5246 Transport Layer Security (TLS)) adds a security layer to transport protocols such as TCP/IP and HTTP (making it HTTPS). It is commonly used in web and mobile applications, email, instant messaging, and VoIP applications, and also in WAN and LAN network communication.

TLS specifies two protocol layers:

  • TLS Record Protocol—ensures that the connection is private and reliable. Data is encrypted using keys that are generated for each connection and are based on a secret negotiated by the TLS handshake protocol.
  • TLS Handshake Protocol—allows the TLS server and client to authenticate each other and to negotiate encryption algorithms and cryptographic keys before any data is exchanged. The strongest of the negotiated algorithms is then used to encrypt and decrypt the conversation.

    Each side of the communication can authenticate the other by means of public and private keys. Public keys are embedded in signed digital certificates which attest that the public key is owned by the certificate owner. The public key is used to encrypt data, which can only be decrypted using the private key known to the certificate owner.

A TLS client is any application that initiates communication with a TLS server. Typically, the TLS server owns a certificate that is verified by the client (known as server verification), but the TLS client may also have a certificate that is verified by the server (known as client verification). For more information, see Certificate Verification.
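The two verification modes described above, shown with Python's standard `ssl` module as an added example (this is not Uniface code or configuration; the function names and the `audit` helper are made up for illustration, and loading the server's own certificate is left out because the paths are deployment-specific):

```python
import ssl

def client_context():
    """Client that performs server verification (the typical case)."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def server_context(client_verification=False):
    """Server side; optionally demand a certificate from the client too."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if client_verification:
        ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails without a client cert
    # A deployment would call ctx.load_cert_chain(...) here with its own files.
    return ctx

def weak_client_context():
    """Constructed counter-example: traffic is encrypted, nobody is authenticated."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # has to be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def audit(ctx, role, expect_client_cert=False):
    """Return a list of findings for one side of a TLS connection."""
    findings = []
    if role == "client":
        if ctx.verify_mode != ssl.CERT_REQUIRED:
            findings.append("server certificate is not verified")
        if not ctx.check_hostname:
            findings.append("certificate name is not matched to the host")
    elif expect_client_cert and ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("client certificate is not required")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions older than TLS 1.2 are allowed")
    return findings

if __name__ == "__main__":
    checks = [
        ("client", client_context(), False),
        ("client", weak_client_context(), False),
        ("server", server_context(), True),
        ("server", server_context(client_verification=True), True),
    ]
    for role, ctx, expect in checks:
        print(role, audit(ctx, role, expect) or "ok")
```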

TLS and Uniface

Uniface provides a TLS connector that can be used to secure communication between the Uniface Router, Uniface Servers, and client applications. Communication using the TLS connector is much more secure than with the TCP network connector, and we recommend that you consider replacing the TCP connector with the TLS connector. For more information, see TLS Connector.

When building and deploying Uniface mobile apps, or calling web services, the HTTPS protocol is used. This is essentially HTTP plus TLS. For more information, see HTTPS Protocol.