What is TLS?
TLS(Transport Layer Security) is a protocol for securing communication between the client and the server. It is specifically used in the HTTPS protocol. TLS is specifically designed to facilitate privacy and data security for communications over the internet. The primary use of TLS includes encrypting data between web application and server. For example, a web browser loading a web page. This protocol can also be used for encryption of SMTP servers, messaging, etc. TLS was evolved from the previous encryption protocol called SSL (Secure Socket Layer). SSL is proposed by Netscape in early 1995 and TLS by Internet Engineering Task Force(IETF). The first version of the protocol was published by IETF in 1999.
Difference between SSL and TLS
The first version of TLS actually began as the third version of SSL. The name of the protocol got changed by IETF. The name changed in order to show ownership of protocol which was no longer part of Netscape.
Difference between TLS and HTTPS
HTTP protocol uses the TLS protocol to make HTTPS protocol. Basically, HTTP uses TLS encryption to make HTTPS protocol. HTTPS is the implementation of the TLS protocol on top of HTTP.
How TLS protocol works?
In TLS there is some kind of cryptographic protocol that exists between two parties during communication. They have to follow certain rules and certain message structure during TLS communication. The idea being we can use it very quickly establishing encryption and use that encryption on top of protocols like HTTP. It’s just a cryptographic protocol that sits on top of TCP and can be used for anything. So, loads of interactive communication could take place with encryption using TLS. There are few things that take place in the cryptographic communication. The first thing gets what kind of ciphers we are using during cryptographic communication. The kind of ciphers used has been changed over the years for being lesser secure with time.
One of the coolest features of TLS becomes its pre-defined message structure. For example, if the TCP client is written in Java, and the server code is written in C++. The client and server will still be able to communicate as the TLS message structure gets defined irrespective of the programming language used. Then the second thing is the key used the keys. In certain cryptographic algorithms, there is a public key and there is a private key. These keys are used for message authentication. We need some kind of authentication so that at least one of the parties should have proof of whoever they are. This is very important, as the attacker can intercept these TLS messages and gain sensitive information. Usually, with the server, it’s quite more important.
The final and most important thing about TLS becomes it is Robust. TLS is robust against MiTM(Man in the Middle) attacks, Replay attacks, Downgrade attacks, and various possible attacks.
TLS Handshake
Everything in TLS happens in handshake. Majority of the stuff happens in a TLS handshake while communication. The structure of the handshake is as follows:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
The structure is explained below:
ECDHE : This is nothing but the method in which key exchange takes place.
RSA : RSA is Public key cryptographic algorithm.
AES : It is a cipher that is used with the algorithm
128 : It is the key size.
GCM : Galious Counter Mode is the mode of operation.
SHA256 : This is the hashing function algorithm used in the handshake.
TLS handshake is the negotiation between the client and the server on the network to establish the details of the connection. It determines the version of TLS used, what algorithm, and which cipher suite will encrypt the communication. It verifies the server, establishes the secure connection, and transfers the data accordingly. In the first step, the client sends a “HelloServer” message to the server. Then the server connects to the client and verifies the version of TLS being used. The server also verifies the cipher suite the client has. The server then provides the certificate and public key.
The client verifies the public key and sends the private key to the server. The client then extracts the public key. The server uses a private key to decrypt. The client and server both have a pre-master key called a secret key. The client then sends an encrypted message with a specific encryption suite and the server decrypts it. The client and server now have secret shared encryption which they use for the entire remaining session.
