Definition
Transport Layer Security
The Transport Layer Security (TLS) protocol is the standard protocol for protecting data in transit on the Internet; HTTPS, SMTP with STARTTLS, IMAP and many other application protocols run on top of it. It is the successor to the Secure Sockets Layer (SSL) protocol. The name SSL is still used colloquially, but every SSL version is broken and deprecated and must not be offered.
Versions
- TLS 1.0 (1999) and TLS 1.1 (2006): deprecated by RFC 8996; should no longer be offered
- TLS 1.2 (2008, RFC 5246): still widely deployed
- TLS 1.3 (2018, RFC 8446): latest version; removes static RSA key exchange, renegotiation and compression, and completes the handshake in one round trip
Security Guarantees
Confidentiality
Transmitted data is encrypted with a symmetric algorithm (for example AES-GCM or ChaCha20-Poly1305) under keys derived during the handshake.
Integrity
Every record carries an authentication tag, an HMAC in the older TLS 1.2 suites or the tag of an AEAD cipher in AEAD suites and in all of TLS 1.3, computed over the record and a sequence number. Modified, replayed or reordered records are therefore rejected.
Authentication
Communication partners are authenticated using asymmetric algorithms and X.509 certificates: the server proves possession of the private key belonging to its certificate, and the client validates the certificate chain against its trust store and checks that the certificate matches the host name it intended to reach. Server authentication is almost always enabled; client authentication (mutual TLS) is optional and less common, used mainly between services and in enterprise deployments.
TLS 1.2 Handshake
A TLS 1.2 connection is established in four steps:
- Negotiation of security parameters: client and server agree on the TLS version, cipher suite, and compression method. Compression should be disabled: TLS-level compression enables the CRIME attack, and TLS 1.3 removed it entirely.
- Server authentication and key exchange: the server sends its certificate chain and, for (EC)DHE suites, its ephemeral key exchange parameters signed with the private key of its certificate.
- Client authentication (optional) and continuation of the key exchange: the client sends its certificate (if requested) and its key exchange contribution, an ephemeral public value for (EC)DHE suites or a premaster secret encrypted under the server's public key for static RSA suites.
- Completion of the handshake: both parties send ChangeCipherSpec and Finished messages. Each Finished message is a MAC over the entire handshake transcript under the new keys, so either side detects tampering with the negotiation, such as a downgrade attempt.
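The parameters settled in the first step are exactly the ones a client can pin in advance. The following Python snippet is an added example and not part of the original page: it builds a client ssl.SSLContext that refuses TLS 1.0/1.1, keeps TLS compression off, and offers only TLS 1.2 cipher suites with an ephemeral (EC)DHE key exchange, next to a deliberately permissive context for contrast. The cipher string and the helper names (build_hardened_client_context, policy_summary, and so on) are this example's own choices; the dictionary keys "kea" and "protocol" come from ssl.SSLContext.get_ciphers() in the Python standard library.

```python
import ssl

# TLS 1.2 cipher string: only suites whose key exchange is ephemeral (EC)DHE.
# TLS 1.3 suites are not selected through set_ciphers(); they always use (EC)DHE.
FS_ONLY_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!eNULL:!MD5"


def build_hardened_client_context() -> ssl.SSLContext:
    """Client context that pins what may be negotiated in step 1 of the handshake."""
    # create_default_context() loads the system trust store and verifies the
    # server chain and host name, i.e. the server-authentication part of step 2.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse TLS 1.0/1.1 (RFC 8996)
    # Current Python builds already set OP_NO_COMPRESSION; it is set explicitly
    # here so the policy is visible in one place. TLS compression enables CRIME.
    ctx.options |= ssl.OP_NO_COMPRESSION
    ctx.set_ciphers(FS_ONLY_CIPHERS)               # no static RSA key transport
    return ctx


def build_weak_client_context() -> ssl.SSLContext:
    """Contrast: a context that still offers everything OpenSSL calls DEFAULT."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1     # accepts deprecated versions
    ctx.set_ciphers("DEFAULT")                     # typically includes kx-rsa suites
    return ctx


def tls12_key_exchange_kinds(ctx: ssl.SSLContext) -> set:
    """Key-exchange algorithms ('kx-ecdhe', 'kx-dhe', 'kx-rsa', ...) that the
    context would offer for TLS 1.2."""
    return {c["kea"] for c in ctx.get_ciphers() if c["protocol"] == "TLSv1.2"}


def policy_summary(ctx: ssl.SSLContext) -> dict:
    """Summarise the negotiable parameters of a context for review."""
    return {
        "min_version": ctx.minimum_version.name,
        "compression_disabled": bool(ctx.options & ssl.OP_NO_COMPRESSION),
        "tls12_key_exchange": sorted(tls12_key_exchange_kinds(ctx)),
        "offers_static_rsa": any(c["kea"] == "kx-rsa" for c in ctx.get_ciphers()),
    }


if __name__ == "__main__":
    for name, ctx in (("weak", build_weak_client_context()),
                      ("hardened", build_hardened_client_context())):
        print(name, policy_summary(ctx))
```

Running the module prints both summaries, which is a quick way to check what a given Python/OpenSSL build would actually put into a ClientHello; the same inspection works on a server context.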
Forward Secrecy
Some cipher suites provide forward secrecy: the session keys of past connections cannot be recovered even if the attacker later obtains the server's long-term private key. This requires an ephemeral Diffie-Hellman key exchange (DHE or ECDHE), in which both sides generate a fresh key pair for every connection and discard it afterwards; the server's long-term key is used only to sign its ephemeral value. With the static RSA key exchange (TLS_RSA_* suites) the premaster secret is encrypted under the server's public key, so an attacker who records traffic today and obtains the key later can decrypt everything recorded. TLS 1.3 only supports (EC)DHE key exchange. One caveat: session resumption with tickets encrypted under a long-lived ticket key reintroduces a single secret that unlocks many sessions, so ticket keys should be rotated frequently.
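The difference can be made concrete with a passive recorder. The following Python program is an added example and not part of the original page or of any TLS implementation: it runs a toy Diffie-Hellman exchange twice, once with the server reusing its long-term exponent (standing in for the non-forward-secret static key exchanges such as TLS_RSA_*) and once with a fresh ephemeral exponent as in DHE/ECDHE, records what passes over the wire, and then lets an attacker who has stolen the long-term key try to reconstruct the session key. The 64-bit safe prime, the HMAC-based key derivation standing in for the TLS key schedule, and the omitted signature over the server's ephemeral value are simplifications of this example; the function names (handshake, attacker_recovers_key, forward_secrecy_holds) are its own.

```python
"""Toy demonstration of forward secrecy: a passive attacker records the key-exchange
messages, later steals the server's long-term private key, and tries to recover the
session key. Toy parameters and a toy KDF; this is not a TLS implementation."""
import hashlib
import hmac
import secrets


def is_probable_prime(n, rounds=16):
    """Miller-Rabin test, sufficient for generating toy parameters."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_safe_prime(bits):
    """Return p = 2q + 1 with p and q prime, so g = 2 lands in a large-order subgroup."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1


# Toy group, regenerated on every run: a 64-bit safe prime is far too small for real
# use. TLS uses the RFC 7919 finite-field groups or elliptic curves such as X25519.
P = generate_safe_prime(64)
G = 2
SECRET_LEN = (P.bit_length() + 7) // 8


def session_key(shared_secret, transcript):
    """Stand-in for the TLS key schedule (PRF in 1.2, HKDF in 1.3): bind the DH
    shared secret to the handshake transcript."""
    return hmac.new(transcript, shared_secret.to_bytes(SECRET_LEN, "big"),
                    hashlib.sha256).digest()


def handshake(server_static_priv, ephemeral):
    """One toy key exchange. Returns (session_key, transcript visible on the wire).

    ephemeral=True  : server uses a fresh private exponent, as in DHE/ECDHE suites
                      (in TLS 1.2 the long-term key only signs server_pub; omitted here).
    ephemeral=False : server reuses its long-term exponent, standing in for the
                      non-forward-secret static key exchanges (TLS_RSA_*, DH_RSA).
    """
    client_priv = secrets.randbelow(P - 2) + 2
    client_pub = pow(G, client_priv, P)
    server_priv = secrets.randbelow(P - 2) + 2 if ephemeral else server_static_priv
    server_pub = pow(G, server_priv, P)
    transcript = b"%d|%d" % (client_pub, server_pub)   # what a passive recorder captures
    shared = pow(server_pub, client_priv, P)
    assert shared == pow(client_pub, server_priv, P)     # both sides agree on the secret
    key = session_key(shared, transcript)
    del client_priv, server_priv   # private exponents are discarded after key derivation
    return key, transcript


def attacker_recovers_key(transcript, stolen_server_priv):
    """Replay the recorded transcript using the stolen long-term key."""
    client_pub, _server_pub = (int(v) for v in transcript.split(b"|"))
    return session_key(pow(client_pub, stolen_server_priv, P), transcript)


def forward_secrecy_holds(ephemeral):
    """True if a later compromise of the long-term key does not yield the session key."""
    server_static_priv = secrets.randbelow(P - 2) + 2
    key, transcript = handshake(server_static_priv, ephemeral)
    recovered = attacker_recovers_key(transcript, server_static_priv)
    return not hmac.compare_digest(key, recovered)


if __name__ == "__main__":
    print("static key exchange, forward secrecy:", forward_secrecy_holds(False))
    print("ephemeral key exchange, forward secrecy:", forward_secrecy_holds(True))
```

In the static case the recorded client value raised to the stolen exponent is exactly the shared secret, so the attacker derives the same key; in the ephemeral case the exponent that would be needed was generated per connection and no longer exists anywhere, which is the property the cipher-suite label "forward secrecy" refers to.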