Transport Layer Security (TLS), formerly known as Secure Sockets Layer (SSL), is a cryptographic protocol. It provides confidentiality and data integrity for communications over open networks such as the Internet. In other words, TLS gives both the client and the server application assurance that the data they exchange arrives unchanged and cannot be read by third parties.
In computer networking, the Transport Layer is the group of protocols responsible for breaking application data into segments that can be carried across the network infrastructure. TLS sits on top of this layer and protects the data carried in those segments from one endpoint to the other.
TLS is used by applications such as instant messaging, web browsing and e-mail. It is a standards-track protocol, meaning that its specification is published by the Internet Engineering Task Force (IETF), the body that produces Internet standards.
Put simply, TLS exists to prevent eavesdropping, tampering and message forgery. This applies whether only the server is authenticated (one-way) or both peers are (mutual). Establishing a TLS connection can be broken down into three phases: negotiation of the algorithms both peers support, key exchange with certificate-based authentication, and encryption of the traffic with a symmetric cipher.
Together these phases let the TLS protocol exchange records, optionally compress them, and protect each one with a message authentication code (MAC) before encrypting it. In some cases the server also requests a certificate from the client so that the connection is mutually authenticated. In short, a TLS client and server connect through a handshake, and that handshake is where they agree on the security parameters for the connection.
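To make the role of the MAC concrete, here is an added example (not code from the original text) of how a TLS 1.2 receiver checks a record before trusting its contents. It assumes a cipher suite whose MAC is HMAC-SHA256 (the MAC-then-encrypt construction of RFC 5246 section 6.2.3.1; AEAD suites such as AES-GCM integrate this step into the cipher instead), a constructed MAC key in place of one derived during the handshake, and it leaves out the encryption step that would normally be applied to the plaintext-plus-MAC. The point it demonstrates is that the MAC covers the record's sequence number as well as its header and body, so a modified byte or a replayed record is rejected.

```python
import hashlib
import hmac
import struct

CONTENT_APPLICATION_DATA = 23
TLS12 = (3, 3)
MAC_LEN = hashlib.sha256().digest_size  # 32 bytes for a *_SHA256 cipher suite

# Constructed MAC key; a real one is derived during the handshake's key-exchange phase
MAC_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")


def record_mac(mac_key, seq_num, content_type, version, fragment):
    """HMAC over seq_num || type || version || length || fragment (RFC 5246, section 6.2.3.1)."""
    mac_input = struct.pack("!QBBBH", seq_num, content_type, version[0], version[1], len(fragment))
    return hmac.new(mac_key, mac_input + fragment, hashlib.sha256).digest()


def protect(mac_key, seq_num, fragment, content_type=CONTENT_APPLICATION_DATA, version=TLS12):
    """Append the MAC to the plaintext. In MAC-then-encrypt this is what the cipher
    would then encrypt; the encryption step itself is not shown in this example."""
    return fragment + record_mac(mac_key, seq_num, content_type, version, fragment)


def verify(mac_key, seq_num, protected, content_type=CONTENT_APPLICATION_DATA, version=TLS12):
    """Return the plaintext if the MAC is valid for the expected sequence number, else None."""
    if len(protected) < MAC_LEN:
        return None
    fragment, tag = protected[:-MAC_LEN], protected[-MAC_LEN:]
    expected = record_mac(mac_key, seq_num, content_type, version, fragment)
    # constant-time comparison so the check does not leak how many bytes matched
    if not hmac.compare_digest(tag, expected):
        return None
    return fragment


def receiver_checks(mac_key, protected, expected_seq):
    """What a receiver sees for an intact record, a record with one byte changed,
    and the same record presented again under a later sequence number (a replay)."""
    tampered = bytes([protected[0] ^ 0x01]) + protected[1:]
    return {
        "intact": verify(mac_key, expected_seq, protected) is not None,
        "tampered": verify(mac_key, expected_seq, tampered) is not None,
        "replayed": verify(mac_key, expected_seq + 1, protected) is not None,
    }


# Constructed sample plaintext for the first application-data record (sequence number 0)
SAMPLE_PLAINTEXT = b"GET /account HTTP/1.1\r\nHost: example.test\r\n\r\n"
SAMPLE_RECORD = protect(MAC_KEY, 0, SAMPLE_PLAINTEXT)

if __name__ == "__main__":
    print(receiver_checks(MAC_KEY, SAMPLE_RECORD, 0))
```

Because the sequence number is part of the MAC input but never sent on the wire, each side keeps its own counter; a record that arrives out of order or twice fails verification even though its bytes are untouched, which is why TLS treats a bad MAC as a fatal error rather than something to retry.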
For example, a simple handshake begins with a ClientHello message, followed by the server's ServerHello, Certificate and ServerHelloDone messages. The client then sends a ClientKeyExchange message, a ChangeCipherSpec record and a Finished message. Fuller handshakes add messages such as CertificateRequest and CertificateVerify.
Several handshake messages may be packed into one record. If either side signals a fatal error, the session is closed immediately. In the early days, government restrictions on the export of cryptographic technology limited SSL to a maximum of 40-bit symmetric keys; today TLS uses 128-bit or longer keys for its ciphers.
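The handshake messages listed above travel inside TLS records, and a record may carry more than one of them. The following parser is an added example (not code from the original text) that shows the two layers of framing: the 5-byte record header (content type, version, length) and, inside a Handshake record, the 4-byte handshake header (type, 24-bit length) that precedes each message. The byte string it parses is constructed here, not a real capture; it packs a ServerHello and a ServerHelloDone into one record (a real server would usually also send a Certificate between them) and follows it with a ChangeCipherSpec record. The length checks are what a defensive implementation needs, since a truncated or oversized record is where many record-layer bugs begin.

```python
import struct

# TLS record-layer content types (RFC 5246, section 6.2.1)
CONTENT_CHANGE_CIPHER_SPEC = 20
CONTENT_ALERT = 21
CONTENT_HANDSHAKE = 22
# A TLSCiphertext record may carry at most 2^14 + 2048 bytes
MAX_RECORD_LEN = 2 ** 14 + 2048

# Handshake message types for the messages named in the text (RFC 5246, section 7.4)
HANDSHAKE_TYPES = {
    1: "ClientHello",
    2: "ServerHello",
    11: "Certificate",
    13: "CertificateRequest",
    14: "ServerHelloDone",
    15: "CertificateVerify",
    16: "ClientKeyExchange",
    20: "Finished",
}


def parse_records(data: bytes):
    """Split a byte stream into (content_type, version, fragment) records, rejecting truncation."""
    records, off = [], 0
    while off < len(data):
        if len(data) - off < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack("!BBBH", data[off:off + 5])
        if length > MAX_RECORD_LEN:
            raise ValueError("record length exceeds TLS maximum")
        fragment = data[off + 5:off + 5 + length]
        if len(fragment) != length:
            raise ValueError("truncated record body")
        records.append((ctype, (major, minor), fragment))
        off += 5 + length
    return records


def parse_handshake_messages(fragment: bytes):
    """Walk every handshake message packed into one Handshake record."""
    messages, off = [], 0
    while off < len(fragment):
        if len(fragment) - off < 4:
            raise ValueError("truncated handshake header")
        htype = fragment[off]
        length = int.from_bytes(fragment[off + 1:off + 4], "big")  # 24-bit length field
        body = fragment[off + 4:off + 4 + length]
        if len(body) != length:
            raise ValueError("truncated handshake body")
        messages.append((HANDSHAKE_TYPES.get(htype, f"unknown({htype})"), body))
        off += 4 + length
    return messages


def parse_server_hello(body: bytes):
    """Extract what the server chose: protocol version, cipher suite and compression method."""
    version = (body[0], body[1])
    server_random = body[2:34]
    session_id_len = body[34]
    off = 35 + session_id_len
    cipher_suite = int.from_bytes(body[off:off + 2], "big")
    compression = body[off + 2]
    return {"version": version, "random": server_random,
            "cipher_suite": cipher_suite, "compression": compression}


def describe_flight(data: bytes):
    """Name each message in a flight of records, in the order it appears on the wire."""
    names = []
    for ctype, _version, fragment in parse_records(data):
        if ctype == CONTENT_HANDSHAKE:
            names.extend(name for name, _body in parse_handshake_messages(fragment))
        elif ctype == CONTENT_CHANGE_CIPHER_SPEC:
            names.append("ChangeCipherSpec")
        elif ctype == CONTENT_ALERT:
            names.append("Alert")
        else:
            names.append(f"content_type {ctype}")
    return names


# --- helpers that build the constructed sample below (not a real capture) ---
def handshake_message(htype: int, body: bytes) -> bytes:
    return bytes([htype]) + len(body).to_bytes(3, "big") + body


def record(ctype: int, fragment: bytes) -> bytes:
    return struct.pack("!BBBH", ctype, 3, 3, len(fragment)) + fragment  # version 3.3 = TLS 1.2


SERVER_HELLO_BODY = (
    b"\x03\x03" + bytes(range(32))  # server_version TLS 1.2, 32-byte server random (constructed)
    + b"\x00"                        # empty session_id
    + b"\xc0\x2f"                    # TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    + b"\x00"                        # null compression
)
# One Handshake record carrying ServerHello and ServerHelloDone, then a ChangeCipherSpec record
SAMPLE_FLIGHT = (
    record(CONTENT_HANDSHAKE,
           handshake_message(2, SERVER_HELLO_BODY) + handshake_message(14, b""))
    + record(CONTENT_CHANGE_CIPHER_SPEC, b"\x01")
)

if __name__ == "__main__":
    print(describe_flight(SAMPLE_FLIGHT))
    hello = parse_handshake_messages(parse_records(SAMPLE_FLIGHT)[0][2])[0][1]
    print(hex(parse_server_hello(hello)["cipher_suite"]))
```

Running it prints the message names in wire order and the cipher suite the constructed ServerHello selected; feeding it a byte stream with the last byte removed raises a ValueError from the record-length check instead of silently returning a short fragment.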