In simple terms TLS/SSL protocol provides security over internet connections while authenticating password or sending any other secure data.we see some web address have https:// that means secure http. it uses TLS/SSL. Client and server communicate with TTS/SSL Protocols securely.
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communication security over the Internet. TLS and SSL encrypt the segments of network connections at the Application Layer for the Transport Layer, using asymmetric cryptography for key exchange, symmetric encryption for confidentiality, and message authentication codes for message integrity.
Several versions of the protocols are in widespread use in applications such as web browsing, electronic mail, Internet faxing, instant messaging and voice-over-IP (VoIP).
History and Standards for TLS and SSL
SSL was developed by Netscape Communications Corporation in 1994 to secure transactions over the World Wide Web. Soon after, the Internet Engineering Task Force (IETF) began work to develop a standard protocol that provided the same functionality. They used SSL 3.0 as the basis for that work, which became the TLS protocol.TLS is little advanced the SSL.
TLS and SSL are used as the protocols that provide secure HTTP (HTTPS) for Internet transactions between Web browsers and Web servers. TLS/SSL can also be used for other application level protocols, such as File Transfer Protocol (FTP), Lightweight Directory Access Protocol (LDAP), and Simple Mail Transfer Protocol (SMTP). TLS/SSL enables server authentication, client authentication, data encryption, and data integrity over networks such as the World Wide Web.
Differences between TLS and SSL
TLS is slightly advnce then SSL. Still both are not interchangeable. Both communication machines should have same protocol.
TLS Enhancements to SSL
1. The keyed-Hashing for Message Authentication Code (HMAC) algorithm replaces the SSL Message Authentication Code (MAC) algorithm.
2. TLS is standardized in RFC 2246.
3. Many new alert messages are added.
4. In TLS, it is not always necessary to include certificates all the way back to the root CA. You can use an intermediary authority.
Latest posts by Shankar Morwal (see all)
- Upgrade node.js version in ubuntu 14 or ubuntu 16 - May 8, 2017
- Angular 4 will be out soon, Everything you need to know - February 20, 2017
- Installing teamcity 10.0.4 on ubuntu server - January 17, 2017