Communication online is more widespread now than ever before - among individuals, organisations and governments alike. Besides heightened awareness through awareness training, there is a huge need to secure this communication with encryption technologies. Transport Layer Security (TLS) is one of such encryption technologies.
In short, TLS is a security protocol that ensures that communications between two devices are encrypted. TLS thus prevents data and communications from being intercepted and manipulated. The same applies to Secure Sockets Layer (SSL), which can be considered as the predecessor of TLS.
How TLS works
TLS is mainly used for secure web browsing. For example, when you see a padlock icon in your browser, HTTPS is used, which means that your connection is encrypted with TLS.
In addition, TLS protects email, file transfers, video services and Internet Service Providers (ISPs).
A TLS certificate (often called an SSL certificate) contains both a public and a private key that authenticate the server and allow it to encrypt and decrypt data. When you then visit a website, your web browser searches for the website's TLS certificate and then performs a kind of handshake to check its validity.
TLS is established in the following way:
- The user connects to a website that has HTTPS enabled.
- The user's browser requests the server's public key against its own. A key exchange thus takes place, allowing both parties to encrypt messages through the private and public keys. In this way, only the other party can read and decrypt with its private key.
- A set of unique keys specific to the user is generated when sending a message encrypted through the server's private key previously shared with the user.
So when you establish a secure connection online, TLS provides the framework for two endpoints (server computer and client computer) to communicate. Thanks to encryption, TLS ensures that the two parties speak the same language, which a third party can in no way read or manipulate.
When the connection is not secure, users are typically greeted with the warning "Your connection is not private." This means that the TLS certificate is not valid.
Symmetric and asymmetric encryption
TLS is a set of protocols consisting of one for the transport layer and one for securing web pages.
Using these cryptographic protocols, TLS employs both symmetric and asymmetric cryptography to increase the security of data transmission.
Symmetric encryption contributes to the efficient encryption and decryption of messages via secret keys known to both parties.
However, it can be difficult to share these secret keys securely, especially if you are trying to send the information over an insecure connection.
Asymmetric encryption does not require the two parties to share a secure channel. Instead, the process is typically much simpler than symmetric encryption. For example, one party sends a public key to the other party in an email and the other party downloads it onto their device.
However, larger keys are required to increase security. This means that they are more computationally intensive and therefore in some cases very slow.
TLS validates the ownership of the server's public key. All connections go through a so-called X.509 certificate, which confirms the authenticity for them to be considered secure. An X.509 certificate is a digital certificate that associates cryptographic key pairs with an identity such as a website, an individual or an organisation.
What is the difference between TLS and SSL?
As mentioned, TLS is a newer version of SSL (Secure Sockets Layer). In this way, TLS addresses certain security vulnerabilities in SSL.
SSL 1.0 was never published due to security flaws. Therefore SSL 2.0 was first released in 1995, but was already replaced by SSL 3.0 in 1996 due to security flaws.
In 1999, the first version of TLS was then released as an upgrade to SSL. Since then, there have been further upgrades to TLS, which is thus the most secure protocol today. It is both more secure and has higher performance. However, TLS can often be referred to as SSL.
Why you should use TLS
There's no doubt that it's always a good idea to use secure, encrypted connections - especially when dealing with sensitive information. TLS ensures privacy when you send emails and buy things online, for example.
While it's possible to set up encryption without the TLS certificate, it's the only way to make sure you're communicating with the right server. That's why it's also important to use TLS. We recommend that you keep an eye on the padlock icon in your browser, as it indicates that HTTPS is used and that the connection is thus encrypted with Transport Layer Security.
Emilie Hartmann is a student and copywriter at Moxso, where she is a language nerd and always on the lookout for new and exciting topics to write about. She is currently doing her Master's in English, where she is primarily working in the fields of Creative Writing and Digital Humanities.