Home

TLS

TLS, or Transport Layer Security, is a cryptographic protocol designed to provide confidentiality, integrity, and authentication for communications over a computer network. It is the successor to the Secure Sockets Layer (SSL) protocol and is widely used to secure application protocols such as HTTPS, SMTP, IMAP, and FTPS. TLS sits between the application layer and the transport layer, typically on top of TCP, and can also be used over UDP in the form of DTLS.

TLS uses a handshake to negotiate cryptographic parameters and, if authentication is required, to verify the

TLS versions include TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3. TLS 1.3, published in 2018,

Security and governance: TLS relies on the public key infrastructure and trusted certificate authorities. Correct configuration,

identities
of
the
communicating
parties
using
X.509
certificates
issued
by
trusted
certificate
authorities.
The
handshake
establishes
a
shared
secret
(often
via
ephemeral
public-key
exchange
such
as
ECDHE)
which
is
then
used
to
derive
symmetric
encryption
keys.
All
subsequent
application
data
is
encrypted
with
one
of
a
set
of
symmetric
ciphers
(for
example
AES-GCM
or
ChaCha20-Poly1305)
and
protected
for
integrity
with
an
AEAD
construction.
TLS
supports
session
resumption
to
avoid
full
handshakes
on
repeat
connections.
simplifies
the
handshake,
removes
legacy
cryptography,
and
requires
forward
secrecy.
Many
deployments
now
use
TLS
1.2
or
TLS
1.3
with
modern
cipher
suites,
while
older
versions
and
weak
ciphers
are
deprecated.
The
protocol
also
underpins
DTLS
for
datagram
transports
used
by
some
real-time
applications.
up-to-date
software,
and
strong
cipher
suites
are
essential
to
mitigate
vulnerabilities
such
as
downgrade
attacks,
certificate
misissuance,
and
implementation
flaws.
Regular
auditing
and
proper
certificate
lifecycle
management
help
maintain
secure
communications.