What is Transport Layer Security (TLS)?

Despite the goal of keeping Web communications private, flaws in the design and implementation of Transport Layer Security have led to breaches, but the latest version – TLS 1.3 – is an overhaul that strengthens and streamlines the crypto protocol.

What is TLS?

TLS is a cryptographic protocol that provides end-to-end communications security over networks and is widely used for internet communications and online transactions. It is an IETF standard intended to prevent eavesdropping, tampering and message forgery. Common applications that employ TLS include Web browsers, instant messaging, e-mail and voice over IP.

Many businesses use TLS to secure all communications between their Web servers and browsers regardless of whether sensitive data is being transmitted.

TLS’s predecessor, secure socket layer (SSL) was developed by Netscape in 1995. SSL version 1.0 and 2.0 contained many security flaws that prompted a complete redesign of the protocol. In 1996, Netscape released SSL version 3.0 which was the basis for TLS1.0.  In 1999, the PCI Council suggested the eventual deprecation of SSL as TLS 1.0 was a significant upgrade to SSL 3.0. 

TLS vs. SSL  

TLS is more efficient and secure than SSL as it has stronger message authentication, key-material generation and other encryption algorithms. For example, TLS supports pre-shared keys, secure remote passwords, elliptical-curve keys and Kerberos whereas SSL does not.  TLS and SSL are not interoperable, but TLS does offer backward compatibility for older devices still using SSL.

The TLS protocol specification defines two layers. The TLS record protocol provides connection security, and the TLS handshake protocol enables the client and server to authenticate each other and to negotiate security keys before any data is transmitted.