When two hosts communicate with each other over an unsecured network and want to transfer sensitive data between them, especially for bank or ecommerce transactions, they must use an encrypted and secured connection. SSL, or Secure Sockets Layer, was developed by Netscape for that purpose. It enabled security for bank and ecommerce transactions over an unsecured network.
Protocols in the Application Layer need to remain unchanged, yet still provide communication security. Hence, SSL was implemented in the Session Layer.
SSL 2.0 was the first publicly released version of the protocol, but security flaws were soon found in it. So, SSL 3.0 replaced SSL 2.0. TLS 1.0 is an upgraded version of SSL 3.0.
How does TLS work?
Once a client starts communicating with the server, the TCP connection gets established, following the steps mentioned below.
- The Client first communicates with the Server by sending a Hello message. The message includes a number of options that will be used in the communication, such as the version of the protocol to be used, the CipherSuites supported by the Client, the compression methods and a 32-byte random number.
- The Server replies to the Hello message and makes choices about the options to be used, such as the version of the protocol, the CipherSuite and the compression method. It also fills in the SessionID and replaces the 32-byte random number with the date and timestamp.
- The Server now sends Digital Certificates to the Client. These Digital Certificates contain the public key of the Server.
- The Client verifies the Digital Certificate with the CA or Certificate Authority.
- After the Digital Certificate is verified, the Client starts to negotiate the symmetric key. There are a number of algorithms it can use. One example is the Diffie-Hellman Key Exchange Algorithm. Please note that, at this point, a secure connection is not yet established. So, the symmetric key cannot be exchanged between the Server and the Client directly, and hence key exchange algorithms like the Diffie-Hellman Key Exchange Protocol are used. The Client also signs the message and sends the MAC or Message Authentication Code to the Server.
- The Server processes the key exchange parameters. It also checks the MAC or Message Authentication Code to verify the integrity and authenticity of the message sent.
- If everything goes well, a secure TLS connection is established between the Server and the Client, and secure communication starts to transfer sensitive application data.
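The Hello message from the first step, as an added example that is not part of the original article: a parser that reads the protocol version, the 32-byte random, the SessionID, the CipherSuites and the compression methods out of a ClientHello record. The sample record is constructed rather than captured, and the function names and the three-entry suite table are assumptions chosen for illustration.

```python
import struct

VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
SUITES = {0x0005: "TLS_RSA_WITH_RC4_128_SHA",
          0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
          0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"}

def build_sample_client_hello():
    """Constructed sample (not a capture): TLS 1.0 ClientHello, no extensions."""
    # In TLS 1.0-1.2 the 32-byte random is a 4-byte timestamp plus 28 random bytes;
    # fixed values are used here so the output is reproducible.
    random = struct.pack("!I", 1700000000) + bytes(range(28))
    suites = struct.pack("!3H", 0x0033, 0x002F, 0x0005)
    body = (struct.pack("!H", 0x0301) + random
            + b"\x00"                                  # empty SessionID: new session
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                             # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # type 1 = ClientHello
    return b"\x16" + struct.pack("!HH", 0x0301, len(handshake)) + handshake

def parse_client_hello(record):
    """Return the options offered in a ClientHello; raise ValueError if malformed."""
    pos = 0
    def take(n):
        nonlocal pos
        if pos + n > len(record):
            raise ValueError("truncated ClientHello")
        pos += n
        return record[pos - n:pos]
    content_type, _record_version, _record_len = struct.unpack("!BHH", take(5))
    if content_type != 0x16 or take(1) != b"\x01":
        raise ValueError("not a ClientHello handshake record")
    take(3)                                            # handshake body length
    version, = struct.unpack("!H", take(2))
    random = take(32)
    session_id = take(take(1)[0])
    suite_bytes = take(struct.unpack("!H", take(2))[0])
    if len(suite_bytes) % 2:
        raise ValueError("odd cipher suite list length")
    suites = struct.unpack(f"!{len(suite_bytes) // 2}H", suite_bytes)
    compression = list(take(take(1)[0]))
    return {"version": VERSIONS.get(version, hex(version)),
            "gmt_unix_time": struct.unpack("!I", random[:4])[0],
            "session_id": session_id.hex(),
            "cipher_suites": [SUITES.get(s, hex(s)) for s in suites],
            "compression_methods": compression}

if __name__ == "__main__":
    print(parse_client_hello(build_sample_client_hello()))
```

The whole Hello exchange travels in cleartext, so a network monitor can read the offered protocol version and CipherSuites the same way, without any keys.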
This was an informative article on TLS.
Hope you enjoyed it.
Thank you for sharing such an informative article. I really hope I can see other interesting posts. Keep up the good work!
Thanks Seravina.