Transport Layer Security

TLS is composed of two layers: the TLS Record Protocol and the TLS Handshake Protocol. The TLS Record Protocol provides connection security with some encryption method such as the Data Encryption Standard (DES). The TLS Record Protocol can also be used without encryption. The TLS Handshake Protocol allows the server and client to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before data is exchanged.

The TLS protocol is based on Netscape's SSL 3.0 protocol; however, TLS and SSL are not interoperable. The TLS protocol does contain a mechanism that allows TLS implementation to back down to SSL 3.0. The most recent browser versions support TLS. The TLS Working Group, established in 1996, continues to work on the TLS protocol and related applications.

Read more about Transport Layer Security: - SearchSecurity.com provides selected resources on TLS. - William Stalling briefly explains TLS in his "Web Security" on the Microsoft site.

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

BROWSE BY TAG Network Protocols and Security,   Enterprise Network Security,   SSL and TLS VPN Security,   Secure VPN Setup and Configuration,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Kaminsky interview: DNSSEC addresses cross-organizational trust and security A year since his serious DNS cache poisoning bug was made public, security researcher Dan Kaminsky advocates for widespread DNSSEC deployments. PCI compliance requirement 4: Encrypt transmissions Diana Kelley and Ed Moyle of Security Curve review PCI compliance requirement 4: "Encrypt transmission of cardholder data across open, public... Balancing security and performance: Protecting layer 7 on the network This video will explain options for securing application-layer traffic using network security technologies, architectures and processes, including...

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary 5 terms you need to know before you employ VoIP  (SearchSecurity.com) digest authentication  (SearchSecurity.com) Digest authentication is a method of authentication in which a request from a potential user is received by a network server and then sent to a domain...