Transport Layer Security

TLS is composed of two layers: the TLS Record Protocol and the TLS Handshake Protocol. The TLS Record Protocol provides connection security with some encryption method such as the Data Encryption Standard (DES). The TLS Record Protocol can also be used without encryption. The TLS Handshake Protocol allows the server and client to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before data is exchanged.

The TLS protocol is based on Netscape's SSL 3.0 protocol; however, TLS and SSL are not interoperable. The TLS protocol does contain a mechanism that allows TLS implementation to back down to SSL 3.0. The most recent browser versions support TLS. The TLS Working Group, established in 1996, continues to work on the TLS protocol and related applications.

Read more about Transport Layer Security: - The Internet Engineering Task Force's RFC 2246 describes Transport Layer Security formally. - SearchSecurity.com provides selected resources on TLS. - William Stalling briefly explains TLS in his "Web Security" on the Microsoft site.

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Are open recursive DNS servers inherently insecure? Recursion was meant to make the Internet run better, but expert Michael Cobb explains why the willingness of malicious users to abuse this service has... How to protect DNS servers The DNS database is the world's largest distributed database, but unfortunately, DNS was not designed with security in mind. Application security... What to consider before opening a port Recently, a reader asked network expert Mike Chapple, "What would be the security implications of opening six ports through a firewall?" Chapple...

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary digest authentication  (SearchSecurity.com) Digest authentication is a method of authentication in which a request from a potential user is received by a network server and then sent to a domain... IGP  (SearchSecurity.com)