TLS Encryption

Transport Layer Security (TLS) is a data transmission security protocol used to encrypt data sent over the internet. TLS is widely used by all major websites and private networks that send or request personal or confidential information.
TLS was preceded by Secure Sockets Layer (SSL), which Netscape created. In 1999 Netscape allowed the Internet Engineering Task Force (IETF), a standards organization, to release future versions. The IETF maintained the protocol and renamed SSL to TLS, even though the versions are not interchangeable and both are still used.
The IETF then drafted The Transport Layer Security Protocol Version 1.2 in August of 2008. Their goal was to maintain privacy and data integrity. They wanted client/server applications to be able to communicate securely and not have information intercepted or altered during transmission. This led to major websites, web host services, private networks and nearly anyone who wanted to do any type of business online adopting the new standard.
Data begins with the sender (client). Something as simple as credit card information needs to be transmitted over the internet to a credit card processor service (server) in order to complete a purchase. This information is encrypted, sent to a server, then decrypted and processed. In August of 2018, the IETF published The Transport Layer Security Protocol Version 1.3.
TLS is how this data is encrypted and decrypted, and how the sender's data is protected from being intercepted or changed during transmission. The protocol has two layers, the TLS Record Protocol and the TLS Handshake. The TLS Record Protocol creates the security key to protect data during transmission. The Handshake creates shared keys, negotiated between the client and server, for data sharing and server authentication.
Before data is transmitted, the client first sends a ClientHello message that contains protocol versions and different types of “extract and expand” keys used for encrypting and decrypting data. The server receives the ClientHello and determines which keys are appropriate to complete the transmission. It sends a ServerHello back to the client with the negotiated key that the ClientHello and ServerHello established, which now creates a shared key.
The server then sends messages to establish data acceptance parameters, either with an encrypted extension or a certificate request. Once the remaining data keys are sent, application data and information can be transmitted.
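As an added example (not part of the original page), the following Python sketch parses the ClientHello described above and makes the server-side version choice. The function names, the `server_min` policy and the sample builder are assumptions for illustration; the sample bytes are constructed, and the parser assumes the ClientHello fits in a single TLS record.

```python
VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
SUPPORTED_VERSIONS = 43  # extension type (RFC 8446) listing the versions a client offers

def vec(buf, pos, width):
    """Read a vector with a `width`-byte length prefix at pos; return (data, next_pos)."""
    end = pos + width + int.from_bytes(buf[pos:pos + width], "big")
    if pos + width > len(buf) or end > len(buf):
        raise ValueError("truncated ClientHello")
    return buf[pos + width:end], end

def u16_list(buf):
    return [int.from_bytes(buf[i:i + 2], "big") for i in range(0, len(buf), 2)]

def parse_client_hello(record):
    """Return versions and cipher suites offered by a ClientHello held in one TLS record."""
    hs, _ = vec(record, 3, 2)               # record header: type, legacy version, length
    if record[0] != 22 or hs[:1] != b"\x01":
        raise ValueError("not a handshake record carrying a ClientHello")
    ch, _ = vec(hs, 1, 3)                   # handshake header: msg type, 3-byte length
    versions = u16_list(ch[:2])             # legacy_version, kept if no extension is sent
    _, pos = vec(ch, 34, 1)                 # skip version + 32-byte random, read session id
    suites, pos = vec(ch, pos, 2)
    _, pos = vec(ch, pos, 1)                # legacy compression methods
    exts = vec(ch, pos, 2)[0] if pos < len(ch) else b""
    pos = 0
    while pos < len(exts):
        etype = int.from_bytes(exts[pos:pos + 2], "big")
        edata, pos = vec(exts, pos + 2, 2)
        if etype == SUPPORTED_VERSIONS:
            versions = u16_list(vec(edata, 0, 1)[0])
    return {"versions": versions, "cipher_suites": u16_list(suites)}

def negotiate_version(offered, server_min=0x0303):
    """Highest known offered version at or above server_min, or None (refuse)."""
    ok = [v for v in offered if v in VERSIONS and v >= server_min]
    return VERSIONS[max(ok)] if ok else None

def prefixed(data, width):
    return len(data).to_bytes(width, "big") + data

def build_sample(versions):
    """Constructed ClientHello bytes for this demo (not a capture); no key_share included."""
    vlist = b"".join(v.to_bytes(2, "big") for v in versions)
    ext = SUPPORTED_VERSIONS.to_bytes(2, "big") + prefixed(prefixed(vlist, 1), 2)
    body = (b"\x03\x03" + bytes(32) + prefixed(b"", 1)
            + prefixed(bytes.fromhex("1301c02f"), 2) + prefixed(b"\x00", 1) + prefixed(ext, 2))
    return b"\x16\x03\x01" + prefixed(b"\x01" + prefixed(body, 3), 2)
```

Calling `negotiate_version(parse_client_hello(build_sample([0x0304, 0x0303]))["versions"])` returns `"TLS 1.3"`, while a client that offers only TLS 1.0 gets `None` under the assumed TLS 1.2 minimum.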
What is the TLS protocol's purpose? This security transmission protocol is used worldwide, from banking to online shopping, to protect any type of sensitive data. Its safety measures have been improving to protect against hacking, and it has been discussed by industry leaders such as IEEE.org and in a current update from IETF.org, a One Year Update on the advancements in TLS 1.3 since inception.