Transport Layer Security, the New Face of Encryption.

transport layer securitySSL is a common topic when discussing website security. SSL or Secure Socket Layer protocol creates a secure transaction between web servers and browsers by encrypting information and data. Most people are familiar enough with SSL Certificates to look for the https:// sign in the website URL before giving important information. Although SSL is the most common encryption technology, it’s not the latest or the most up-to-date.

TLS (Transport Layer Security) is SSL’s successor. It allows client and server communication while preventing third party eavesdropping and message tampering. The difference between TLS and SSL is minor, but significant enough that they are not interoperable. There is a measure allowing TLS to downgrade the connection to SSL but this weakens certain security measures.

TLS works in two parts:

  • TLS Record Protocol–provides connection security using stronger encryption algorithms than SSL but can also be used without encryption. TLS can also be used on different ports.
  • TLS Handshake Protocol allows the server and client authenticate each other and then negotiate and agree on security measures before any data is exchanged.

There is a measure allowing TLS to downgrade the connection to SSl but this weakens certain security measures.

To Learn more about TLS check out these links:

http://www.techsoup.org/learningcenter/networks/page11959.cfm

http://en.wikipedia.org/wiki/Transport_Layer_Security

http://searchsecurity.techtarget.com/definition/Transport-Layer-Security-TLS

 

Share

Comments

  1. Blogginator-Mellancamp says:

    Actually, I didn’t know that the “s” in https:// indicated higher security. Seems like I heard about it once before but I really doubt most people know to look for it. Good to know.

    Now that SSL is being replaced by TLS, what will I look for in order to know I have a secure connection before transmitting data to a website? I’ll take a look at the articles for the answer but if you want to answer this, that would be fine too.

    Thanks!

  2. In everything that I have read, it still reads https, but if you click on the padlock (found left of the URL) a popup will appear listing details such as certificate information, path and protocol version (SSL or TLS and which version such as 1.0, 2.0, etc.). Some address bars turn green which indicates that the website is safe and secure.

  3. Blogginator-Mellancamp says:

    Thanks! However, I don’t see a padlock next to any URL I visit. Does it take another form with some browsers?

    I’ll check the articles as well.

    Thanks again!

  4. I appreciate your follow up question. I see what you are referring to. You will find that the padlock is only displayed when you are visiting URLs which need a secure connection, such as banks and payment pages. I have found that sometimes the padlock is displayed on the right-hand side instead of the left. Sometimes it’s not a padlock at all but a specialized button next to the URL but the effect is the same -click on the button and you will be able to read the certificate information.

    This article might be helpful:
    http://blog.zeltser.com/post/22969115694/padlock-and-favicon-confusion-in-browsers

    Cheers!

Speak Your Mind

*