Home > Transport Layer Security
Secure Sockets Layer (SSL) and Transport Layer Security (TLS), its successor, are cryptographic protocols which provide secure communications on the Internet.1 Description
These protocols provide endpoint authentication and communications privacy over the Internet using cryptography. In typical use, only the server is authenticated (i.e. its identity is ensured) while the client remains unauthenticated; mutual authentication requires PKI deployment to clients. The protocols allow client/server applications to communicate in a way designed to prevent eavesdropping, tampering, and message forgery.
Both TLS and SSL involve a number of basic phases:
- Peer negotiation for algorithm support
- Public-key encryption-based key exchange and certificate-based authentication
- Symmetric cipher-based traffic encryption
2 Applications
The SSL and TLS protocols run on layers beneath application protocols such as HTTP, SMTP and NNTP and above the TCPTransmission Control Protocol (TCP is a connection-oriented, reliable delivery byte-stream transport layer communication protocol, currently documented in IETF RFC 793. It does the task of the transport layer in the simplified OSI model of computer networ transport protocol, which forms part of the TCP/IPThe Internet protocol suite is the set of protocols that implement the protocol stack on which the Internet runs. It is sometimes called the TCP/IP protocol suite, after the two most important protocols in it: the Transmission Control Protocol (TCP) and t protocol suite. While both SSL and TLS can add security to any protocol that uses TCP, they occur most commonly used in the HTTPSHTTPS is the secure version of HTTP, the communication protocol of the World Wide Web. It was invented by Netscape Communications Corporation to provide authentication and encrypted communication and is used in electronic commerce. Instead of using plain access methodThe networking term access method can refer to several concepts. It can refer to the way that network devices access the network medium at the physical layer. It can also mean software in an SNA processor that controls the flow of data through a network.. HTTPS serves to secure World Wide WebThe World Wide Web (the Web or WWW for short) is a distributed hypertext system that operates over the Internet. Basic terms Hypertext is viewed using a program called a web browser which retrieves pieces of information, called "documents" or " web pages" pages for applications such as Electronic commerceElectronic commerce or e-commerce consists of the buying, selling, marketing, and servicing of products or services over computer networks. The information technology industry might see it as an electronic business application aimed at commercial transact. Both the SSL and the TLS protocols use public key cryptography and public key certificateAs used in cryptography and computer security, a public key certificate (also called identity certificate is a block of bits containing, in a specified format, the public half of an asymmetric key algorithm key pair (the "public key"), together with idents to verify the identity of endpoints.
While an increasing number of client and server products can support TLS or SSL natively, many still do not. In these cases, a user may wish to use standalone SSL products like Stunnel to provide SSL encryption.
3 History and development
Developed by Netscape, SSL version 3.0 was released in 1996, which later served as a basis to develop Transport Layer Security (TLS), an IETF standard protocol. The first definition of TLS appeared in RFC 2246: "The TLS Protocol Version 1.0". Visa, MasterCard, American Express and many leading financial institutions have endorsed TLS for commerce over the internet.
Like SSL (which provided its base), the TLS protocol operates in modular fashion: its authors designed it for extendability, with support for forwards and backwards compatibility and negotiation between peers.
