2. 02
Introduction
What is TLS?
What does TLS do?
Why do we need it?
The Purpose of TLS
Difference between TLS &SSL
How does TLS work?
How to detect secure connections?
3. Transport Layer Security, or TLS, is a widely adopted security
protocol designed to facilitate privacy and data security for
communications over the Internet. A primary use case of TLS is
encrypting the communication between web applications and
servers, such as web browsers loading a website. TLS can also
be used to encrypt other communications such as email,
messaging, and voice over IP (VoIP).
TLS was proposed by the Internet Engineering Task Force.
03
What Is TLS ?
4. 04
What does TLS do?
Encryption
Authentication
Integrity
There are three main components to what the TLS protocol accomplishes:
Encryption: hides the data being transferred to third parties.
Authentication: ensures that the parties exchanging information are who they claim to be.
Integrity: verifies that the data has not been forged or tampered with.
5. 05
Why do we need it?
TLS ensures that no third party may get access to tamper with any message.
6. The Purpose of TLS :-
T L S e n c r y p t i o n h e l p s p r o t e c t w e b a p p l i c a t i o n s a g a i n s t d a t a t a m p e r i n g a n d
e a v e s d r o p p i n g a n d i s b e c o m i n g s t a n d a r d p r a c t i c e f o r m o s t w e b s i t e s . S S L / T L S
p r o t o c o l s w e r e d e v e l o p e d t o r e s p o n d t o t h e i n c r e a s i n g n u m b e r o f s e c u r i t y
t h r e a t s a n d t h e n e e d f o r e n c r y p t i o n f r o m b o t h c l i e n t a n d s e r v e r e n d s .
T L S i s i n p l a c e t o h e l p p r o t e c t u s e r p r i v a c y a n d s e c u r i t y . W i t h o u t T L S ,
s e n s i t i v e i n f o r m a t i o n t r a n s f e r r e d o v e r t h e i n t e r n e t s u c h a s l o g i n c r e d e n t i a l s ,
p e r s o n a l i n f o r m a t i o n , a n d c r e d i t c a r d n u m b e r s a r e v u l n e r a b l e t o t h e f t . I t
w o u l d a l s o b e p o s s i b l e f o r u n k n o w n t h i r d p a r t i e s t o m o n i t o r e m a i l s , b r o w s i n g
h a b i t s , a n d d i r e c t m e s s a g e c o r r e s p o n d e n c e .
06
7. I n a d d i t i o n t o p r o t e c t i n g i n d i v i d u a l u s e r i n f o r m a t i o n , T L S a l s o h e l p s
p r o t e c t w e b a p p l i c a t i o n s a g a i n s t d a t a b r e a c h e s a n d d i s t r i b u t e d d e n i a l -
o f - s e r v i c e ( D D o S ) a t t a c k s . D a t a b r e a c h e s a n d D D o S a t t a c k s c a n p r o v e
t o b e i n c r e d i b l y c o s t l y t o o r g a n i z a t i o n s o f a l l s i z e s a n d c a n a l s o c a u s e
i r r e p a r a b l e d a m a g e t o c o n s u m e r t r u s t . E n s u r i n g t h a t w e b b r o w s e r s a r e
u s i n g T L S i s a n e a s y w a y t o a m p l i f y s e c u r i t y a n d h e l p p r o t e c t b o t h u s e r
a n d o r g a n i z a t i o n a l p r i v a c y .
M o s t b r o w s e r s t o d a y s u p p o r t T L S b y d e f a u l t . F o r i n s t a n c e , G o o g l e
C h r o m e a c t i v e l y w a r n s u s e r s a g a i n s t n o n - H T T P S w e b s i t e s . I n t u r n , u s e r s
a r e a l s o b e c o m i n g s a v v i e r a b o u t w e b s i t e s e c u r i t y a n d c h e c k i n g f o r
s e c u r e d a t a t r a n s f e r p r o t o c o l s . B y i n s i s t i n g o n m a n d a t o r y u s e o f T L S i n
a l l w e b - b a s e d c o m m u n i c a t i o n s , o r g a n i z a t i o n s a n d i n d i v i d u a l s c a n h e l p
e n s u r e a s h a r e d b a s i c l e v e l o f p r o t e c t i o n f o r w e b - b a s e d a c t i v i t y .
07
8. 08
DIFFERENCE
BETWEEN TLS AND SSL ?
TLS evolved from a previous encryption protocol called Secure Sockets Layer (SSL), which was
developed by Netscape.
TLS version 1.0 actually began development as SSL version 3.1, but the name of the protocol
was changed before publication in order to indicate that it was no longer associated with
Netscape.
Because of this history, the terms TLS and SSL are sometimes used interchangeably.
9. 09
How Does TLS Work?
TLS security is designed to use encryption from both client and server ends to help ensure a
secure connection between two or more communicating applications, guarantee
interoperability between devices, and operate with relative efficiency.
Client-server communication begins by indicating whether communications will proceed with
or without TLS protocols. The client can specify a TLS connection in a variety of ways. For
instance, the client might use a port number that supports the types of encryptions used in TLS
communications. Another potential method is to make a protocol-specific request to switch to
a TLS connection.
10. 1 0
Chrome can display the version.
Click on the padlock icon (on the left of the URL);
A popup appears, which contains some details, including the protocol version
(e.g. "the connection uses TLS 1.0")(verified on version 21.0.1180.82).
How to detect
secure connections?