Transport Layer Security (TLS) is a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet.
The primary use case of TLS is encrypting the communications between web applications and servers. Other use cases of TLS include:
- VoIP
- Messaging
TLS was proposed by the Internet Engineering Task Force (IETF), an international standards organization, and the first version of the protocol was published in 1999. The most recent version is TLS 1.3, which was published in 2018.
TLS evolved from SSL: version 3.1 of SSL was renamed TLS 1.0. The name was changed to indicate the disassociation from Netscape.
HTTPS is the most common implementation of the TLS encryption protocol and is used by all websites and some web services.
TLS encryption can help protect applications from data breaches and man-in-the-middle attacks. TLS-protected HTTPS is a standard practice for websites.
A TLS connection is initiated through a sequence called the TLS handshake. Every time a user navigates to a website, the TLS handshake begins. During the handshake, the client and server:
- Specify which version of TLS to use
- Decide on which cipher suites to use
- Authenticate the identity of the server using the TLS certificate
- Generate session keys for encrypting messages after the handshake is completed
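
To make the first two handshake steps concrete, the following added example (not part of the original page) uses Python's standard `ssl` module to produce a real ClientHello in memory, with no network connection, and lists the protocol versions and cipher suites the client offers. The hostname `example.test` and the helper names are assumptions made for the illustration.

```python
import ssl

SUPPORTED_VERSIONS = 0x002B  # extension type for supported_versions (RFC 8446)
NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def capture_client_hello(min_version=ssl.TLSVersion.TLSv1_2) -> bytes:
    """Begin a handshake against in-memory buffers; return the client's first record."""
    ctx = ssl.create_default_context()   # certificate and hostname checks stay on
    ctx.minimum_version = min_version    # oldest protocol version the client will offer
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="example.test")  # assumed name
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass                             # expected: client now waits for the server's reply
    return outgoing.read()

def uint(buf: bytes, pos: int, size: int) -> int:
    """Read a big-endian unsigned integer, rejecting truncated input."""
    if pos + size > len(buf):
        raise ValueError("truncated ClientHello")
    return int.from_bytes(buf[pos:pos + size], "big")

def parse_client_hello(record: bytes) -> dict:
    """Return the protocol versions and cipher suite IDs a ClientHello offers."""
    if uint(record, 0, 1) != 0x16 or uint(record, 5, 1) != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    pos = 9                              # 5-byte record header + 4-byte handshake header
    versions = [uint(record, pos, 2)]    # legacy_version, used if no extension overrides it
    pos += 2 + 32                        # skip legacy_version and the client random
    pos += 1 + uint(record, pos, 1)      # skip session id
    n = uint(record, pos, 2)
    suites = [uint(record, i, 2) for i in range(pos + 2, pos + 2 + n, 2)]
    pos += 2 + n
    pos += 1 + uint(record, pos, 1)      # skip compression methods
    end = pos + 2 + uint(record, pos, 2) if pos < len(record) else pos
    pos += 2
    while pos < end:                     # walk the extensions
        ext_type, ext_len = uint(record, pos, 2), uint(record, pos + 2, 2)
        if ext_type == SUPPORTED_VERSIONS:
            count = uint(record, pos + 4, 1)
            versions = [uint(record, i, 2) for i in range(pos + 5, pos + 5 + count, 2)]
        pos += 4 + ext_len
    return {"versions": [NAMES.get(v, hex(v)) for v in versions], "cipher_suites": suites}

if __name__ == "__main__":
    print(parse_client_hello(capture_client_hello()))
```

The server answers this message with its choice of one version and one cipher suite from the offered lists; certificate authentication and session key generation follow in the later handshake messages.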