What is SSL/TLS?
SSL/TLS (Secure Sockets Layer / Transport Layer Security) are cryptographic protocols designed to provide secure communication over a computer network. TLS is the successor to SSL and is used to encrypt data transmitted between clients and servers.
Quick Facts
| Full Name | Secure Sockets Layer / Transport Layer Security |
|---|---|
| Created | SSL 1995 by Netscape, TLS 1999 by IETF |
| Specification | Official Specification |
How SSL/TLS Works
SSL was developed by Netscape in 1995, with SSL 3.0 being the most widely adopted version. Due to security vulnerabilities, SSL was deprecated in favor of TLS. TLS 1.0 (1999) was essentially SSL 3.1, with TLS 1.2 (2008) and TLS 1.3 (2018) adding significant security improvements. TLS provides three main security services: encryption (confidentiality), authentication (identity verification), and integrity (tamper detection). It uses a combination of symmetric and asymmetric cryptography, with certificates for identity verification.
Key Characteristics
- Provides encryption, authentication, and integrity
- TLS 1.3 is the current recommended version
- Uses certificates for server authentication
- Combines symmetric and asymmetric encryption
- Handshake protocol establishes secure connection
- SSL is deprecated due to vulnerabilities
Common Use Cases
- HTTPS website encryption
- Email encryption (SMTPS, IMAPS)
- VPN connections
- Secure API communication
- Database connection encryption
Example
TLS Version History:
| Version | Year | Status |
|---|---|---|
| SSL 2.0 | 1995 | Deprecated (insecure) |
| SSL 3.0 | 1996 | Deprecated (POODLE attack) |
| TLS 1.0 | 1999 | Deprecated |
| TLS 1.1 | 2006 | Deprecated |
| TLS 1.2 | 2008 | Widely used |
| TLS 1.3 | 2018 | Recommended |
TLS 1.3 Handshake (simplified):
1. Client Hello + Key Share
2. Server Hello + Key Share + Certificate
3. Client Finished
4. Application Data (encrypted)
Cipher Suite Example (TLS 1.3):
TLS_AES_256_GCM_SHA384
- AES-256-GCM for authenticated encryption (AEAD), which covers both confidentiality and integrity of records
- SHA-384 as the hash for HMAC-based key derivation (HKDF) and the handshake transcript hash
OpenSSL Check:
openssl s_client -connect example.com:443 -tls1_3
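The first handshake message above (Client Hello + Key Share) is also what `openssl s_client` sends, and it is the one message a network defender can read in the clear to learn which versions, cipher suites and key-exchange groups a client offers. The following is an added example, not code from the original page: it constructs a TLS 1.3 ClientHello record in memory, parses the security-relevant fields back out of the wire format, and applies a simple policy check that flags clients which cannot negotiate TLS 1.3 or still offer deprecated versions. The hostname `example.com`, the all-zero key share and the fixed random bytes are constructed placeholders; the cipher-suite, extension and version code points are the IANA-registered values.

```python
"""Build and parse a TLS 1.3 ClientHello record (added example, not from the page)."""
import struct

# IANA code points for the TLS 1.3 cipher suites and the fields inspected below
CIPHER_SUITES = {
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0x1303: "TLS_CHACHA20_POLY1305_SHA256",
}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
            0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
GROUPS = {0x001d: "x25519", 0x0017: "secp256r1"}
EXT_SERVER_NAME, EXT_SUPPORTED_GROUPS, EXT_SUPPORTED_VERSIONS, EXT_KEY_SHARE = 0, 10, 43, 51
DEPRECATED = ("SSL 3.0", "TLS 1.0", "TLS 1.1")


def _vec(data: bytes, len_bytes: int) -> bytes:
    """Length-prefixed vector, the building block of the TLS wire format."""
    return len(data).to_bytes(len_bytes, "big") + data


def _u16(buf: bytes, pos: int) -> int:
    return int.from_bytes(buf[pos:pos + 2], "big")


def build_client_hello(sni: str = "example.com", versions=(0x0304, 0x0303)) -> bytes:
    """Constructed ClientHello offering the three TLS 1.3 suites and an x25519 key share."""
    key_share_entry = struct.pack("!H", 0x001d) + _vec(bytes(32), 2)  # dummy public key (constructed)
    extensions = b"".join([
        struct.pack("!H", EXT_SERVER_NAME) + _vec(_vec(b"\x00" + _vec(sni.encode(), 2), 2), 2),
        struct.pack("!H", EXT_SUPPORTED_GROUPS) + _vec(_vec(struct.pack("!H", 0x001d), 2), 2),
        struct.pack("!H", EXT_SUPPORTED_VERSIONS)
        + _vec(_vec(b"".join(struct.pack("!H", v) for v in versions), 1), 2),
        struct.pack("!H", EXT_KEY_SHARE) + _vec(_vec(key_share_entry, 2), 2),
    ])
    body = (
        struct.pack("!H", 0x0303)                 # legacy_version is always 1.2 in TLS 1.3
        + bytes(range(32))                        # client random (fixed here, constructed)
        + _vec(b"", 1)                            # legacy_session_id
        + _vec(b"".join(struct.pack("!H", s) for s in CIPHER_SUITES), 2)
        + _vec(b"\x00", 1)                        # legacy_compression_methods: null only
        + _vec(extensions, 2)
    )
    handshake = b"\x01" + _vec(body, 3)          # HandshakeType client_hello(1), 3-byte length
    return b"\x16" + struct.pack("!H", 0x0301) + _vec(handshake, 2)  # record: handshake, legacy 0x0301


def parse_client_hello(record: bytes) -> dict:
    """Extract versions, cipher suites, SNI and key-share groups from a ClientHello record."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:5 + _u16(record, 3)]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 0
    legacy_version = _u16(body, pos); pos += 2
    pos += 32                                    # skip client random
    pos += 1 + body[pos]                         # skip legacy_session_id
    cs_len = _u16(body, pos); pos += 2
    suites = [_u16(body, i) for i in range(pos, pos + cs_len, 2)]; pos += cs_len
    pos += 1 + body[pos]                         # skip legacy_compression_methods
    ext_end = pos + 2 + _u16(body, pos); pos += 2
    info = {"legacy_version": VERSIONS.get(legacy_version, hex(legacy_version)),
            "cipher_suites": [CIPHER_SUITES.get(s, hex(s)) for s in suites],
            "sni": None, "supported_versions": [], "key_share_groups": []}
    while pos < ext_end:
        etype, elen = _u16(body, pos), _u16(body, pos + 2)
        data = body[pos + 4:pos + 4 + elen]; pos += 4 + elen
        if etype == EXT_SERVER_NAME:             # list length(2) + name type(1) + host length(2) + host
            info["sni"] = data[5:5 + _u16(data, 3)].decode()
        elif etype == EXT_SUPPORTED_VERSIONS:    # 1-byte length, then 2-byte versions
            info["supported_versions"] = [VERSIONS.get(_u16(data, i), hex(_u16(data, i)))
                                          for i in range(1, 1 + data[0], 2)]
        elif etype == EXT_KEY_SHARE:             # 2-byte list length, entries of group(2)+key vector
            p, end = 2, 2 + _u16(data, 0)
            while p < end:
                info["key_share_groups"].append(GROUPS.get(_u16(data, p), hex(_u16(data, p))))
                p += 4 + _u16(data, p + 2)
    return info


def assess(info: dict) -> list:
    """Policy findings: no TLS 1.3 offered, or a deprecated version still offered."""
    offered = info["supported_versions"] or [info["legacy_version"]]  # pre-1.3 clients use legacy_version
    findings = []
    if "TLS 1.3" not in offered:
        findings.append("client does not offer TLS 1.3")
    findings += [f"client offers deprecated {v}" for v in offered if v in DEPRECATED]
    return findings


if __name__ == "__main__":
    hello = parse_client_hello(build_client_hello())
    print(hello, assess(hello) or "policy OK")
```

Pointing the parser at a real capture (for example the first record of a session opened with the `openssl s_client` command above) gives the same dictionary; the `assess` step is the part to adapt to local policy, such as also flagging non-AEAD suites offered by TLS 1.2 clients.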