What is TLS encryption?
TLS stands for Transport Layer Security. It’s a protocol that is used to encrypt information before it’s transmitted from one place to another.
For example, when you make a credit card payment online, TLS would be used to encrypt your details before they’re sent off to the website to process the payment.
How is TLS protocol different from SSL protocol?
SSL was first implemented in 1995, which means it turned 25 in 2020. TLS is newer, more advanced, and has effectively replaced SSL.
How TLS encryption works
When your computer or mobile device wants to connect to a website or service securely, it completes what is called a “handshake” process. This process is used to verify a few things and start the secure transmission of data.
Here are the steps that are taken:
- The client (computer/phone) opens with a “hello” message. This message contains some basic information about, such as the SSL/TLS versions and ciphers that are supported by the client. A special “random key” is also generated and provided to the server.
- The server (website/online service) responds with the same kind of information, such as the SSL/TLS versions and ciphers that are supported. The server also generates a “random key”. The server will also provide its SSL Certificate to the client.
- Once the client has the certificate, it will take various steps to verify that the SSL Certificate is valid and the server is who it says it is.
- The client then generates another special key called the “pre-master secret”, which can only be decrypted by the server. (Image courtesy of CloudFlare)
- The client and the server generate unique session keys, which will be used to verify the connection and information transferred between the client and the server.
- The client sends a “ready” message to the server, which encrypted using the session key
- The server sends a “ready” message to the client that has been encrypted using the session key
As long as the process is successful, communication between the client and the server will continue using the session keys that were generated.
One thing to note here is the client and server will only use the highest and most secure version of SSL/TLS that they both support.
Will TLS be replaced one day?
Some day, yes it’ll likely be replaced. But for the time being TLS is being improved as time goes on, and newer versions are coming out.
The first iterations of TLS, TLS 1.0 and TLS 1.1 are now quite old and being phased out because they’re insecure. The newer versions are 1.2, and in 2018 TLS 1.3 was released.