During the Internet’s early days, aspects such as data security weren’t nearly as important as they are today. Most communications were transmitted unencrypted between servers during these times. Much like postcards, any mailman was able to read their content.
The TLS protocol – also referred to as SSL/TLS – introduced encryption for transmitted contents. Following on from the above example, this is comparable to a sealed envelope which only the addressed recipient can open and read.
The abbreviation TLS stands for Transport Layer Security. It was originally designated to run on top of transport protocols such as TCP/IP-Models. The TLS protocol essentially encrypts data transmissions online or between devices to ensure they are only accessed by the authorized recipients. The protocol’s predecessor was the well-known SSL (Secure Socket Layer) which is why TLS is often referred to as SSL/TLS to avoid confusion.
TLS encrypts data sent via the Internet and is normally implemented on top of TCP using symmetric cryptography.
Find out more about the different encryption methods in our dedicated article on the topic.
What may sound simple in theory, is quite complicated in reality. As part of the secure transmission process, the server has to share the access key with the client – before any communication is secured via TLS. You may be well-aware of the issue if you regularly send encrypted e-mail attachments: by encrypting an attachment, you need to share the password with the recipient, for example, via telephone.
The TLS protocol uses the following measures to solve this problem:
The reason why asymmetric encryption is only used for the session key (but not the encryption of the data streams themselves) is because of speed: asymmetric encryption is relatively slow and would delay the data communication.
TLS is a relatively elegant solution to secure data transfer on the web because it doesn’t require parties to encrypt the content they exchange. Instead, it suffices for the transport only to be conducted via the TLS protocol, irrespective of the operating system or software applications used by the parties involved. All data streams are then automatically encrypted during transmission.
However, the added layer of security comes at the cost of speed because processes such as certification, and public and session key generation are computationally intensive.
TLS is universally deployable because it doesn’t rely on specific operating systems or applications. Accordingly, a variety of TLS-secured versions are available for various user protocols. The naming scheme is simple: the name of the protocol concludes on the letter “s” if the protocol communicates via TLS.
The most important area of application for TLS is the World Wide Web, or more accurately, the HTTP protocol. The encrypted version is called HTTPS.
Other frequent fields of application include:
OpenVPN, which is a free software for Virtual Private Networks (VPN), also uses a TLS protocol.
Among the most important implementations of TLS are:
The list is not complete. For more information on the implementation of TLS, Wikipedia is an excellent source.
However, TLS is not immune to attacks and data leaks. Some well-known points of attack and weak spots include:
At the same time, there have been attempts to avoid a fully secure TLS encryption in order for authorities to access encrypted communications, for example, to monitor the fraudulent activity of financial transactions. The European Telecommunications Standards Institute has been among the organizations at the forefront of creating defined breaking points in the protocol.
If you want to connect a computer, smartphone, etc. to a network (LAN or WiFi), you can either assign the IP address manually or get it automatically. The latter is possible thanks to the DHCP (dynamic host configuration protocol) communication protocol, which has established itself as the cross-platform standard solution for address management. The forerunner was the BOOTP bootstrap protocol that...
StartTLS initiates encryption of an e-mail based on the TLS protocol. For this purpose, the server is pinged without encryption first of all, and StartTLS support is requested. The encryption method can be used when the answer is positive. StartTLS is handy, as e-mails are encrypted automatically once the method has been accepted. You don't need to contact a dedicated port, StartTLS can simply be...
The Domain Name System has a big security flaw: requests and responses are traditionally sent unencrypted. This provides Internet criminals with an ideal point of attack. Again and again, users are being directed to websites that they actually have no desire to visit. DNS over TLS acts as a deterrent. How does the security concept work?
As a global computer network, the Internet provides the perfect foundation for gathering and distributing information. The World Wide Web, the most well-known Internet service, convincingly proves this fact. The older Usenet benefits from the Internet’s global network as well. In order to be able to transfer data, it relies on the unique NNTP, which is the focus of this article.
SSL and TLS are two encryption protocols that are frequently used in email programs and browsers. Have you ever wondered which one you should choose when you are prompted to pick one when configuring an email client, for example? Here, you will learn what the differences between SSL and TLS are and why only one of them is still viable today.
