What Is Transport Layer Security?

Transport Layer Security (English: Transport Layer Security, abbreviated as TLS ) and its predecessor, Secure Sockets Layer (abbreviated as SSL ), is a security protocol designed to provide security and data integrity for Internet communications Protection. Netscape introduced the first version of its web browser in 1994. When Netscape Navigator launched the HTTPS protocol and encrypted it with SSL, this is the origin of SSL. The IETF standardized SSL and published the first version of the TLS standard document in 1999. RFC 5246 (August 2008) and RFC 6176 (March 2011) were subsequently published. This protocol is widely supported in browsers, email, instant messaging, VoIP, Internet fax and other applications. Major websites, such as Google and Facebook, also use this protocol to create secure connections and send data. It has become the industry standard for secure communications on the Internet.

TLS protocol adopted
The following briefly describes how the SSL protocol works. The client sends and receives several handshake signals:
  1. Send a " ClientHello " message, including: supported protocol versions, such as TLS 1.0, a client-generated random number (later used to generate a "session key"), supported encryption algorithms (such as RSA public keys Encryption) and supported compression algorithms.
  2. Then I receive a " ServerHello " message, which includes: confirming the version of the encrypted communication protocol used, such as TLS 1.0 (if the browser is incompatible with the server, the server closes the encrypted communication), a random number generated by the server (later Used to generate the "session key"), confirm the encryption method used (such as RSA public key encryption), server certificate.
  3. When both parties know the connection parameters, the client and server exchange certificates (depending on the chosen public key system). These certificates are usually based on X.509, but drafts support OpenPGP-based certificates.
  4. The server requests the client's public key. The client has a certificate, that is, two-way identity authentication, and a public key is randomly generated when there is no certificate.
  5. The client and the server negotiate the common master and private key through the public key confidentiality (the two sides randomly negotiate), which is achieved through a carefully designed pseudo-random number function. The result may be a Diffie-Hellman exchange, or a simplified public key encryption, with each party decrypting it with a private key. All other critical data is encrypted using this "master key." In data transmission, the Record layer is used to encapsulate higher-level protocols such as HTTP. Record layer data can be compressed and encrypted at will, together with the message verification code. Each recording layer package has a Content-Type segment to record the protocols used by the higher layers. [2]

IN OTHER LANGUAGES

Was this article helpful? Thanks for the feedback Thanks for the feedback

How can we help? How can we help?

RELATED ARTICLES