Transport Layer Security (TLS)

Contributor(s): Michael Cobb

Transport Layer Security (TLS) is a protocol that provides privacy and data integrity between two communicating applications. It's the most widely deployed security protocol used today, and is used for Web browsers and other applications that require data to be securely exchanged over a network, such as file transfers, VPN connections, instant messaging and voice over IP.

TLS evolved from Netscape's Secure Sockets Layer (SSL) protocol and has largely superseded it, although the terms SSL or SSL/TLS are still sometimes used. Key differences between SSL and TLS that make TLS a more secure and efficient protocol are message authentication, key material generation and the supported cipher suites, with TLS supporting newer and more secure algorithms. TLS and SSL are not interoperable, though TLS currently provides some backward compatibility in order to work with legacy systems.

According to the protocol specification, TLS is composed of two layers: the TLS Record Protocol and the TLS Handshake Protocol. The Record Protocol provides connection security, while the Handshake Protocol allows the server and client to authenticate each other and to negotiate encryption algorithms and cryptographic keys before any data is exchanged.

Implementation flaws have always been a big problem with any encryption technology, and TLS is no exception. The infamous Heartbleed bug was the result of a surprisingly small bug in a piece of logic that relates to OpenSSL's implementation of the TLS heartbeat mechanism, which is designed to keep connections alive even when no data is being transmitted. Although TLS is not vulnerable to the POODLE attack, because it specifies that all padding bytes must have the same value and be verified, a variant of the attack has exploited certain implementations of the TLS protocol that don't correctly validate encryption padding.

The IETF officially took over the SSL protocol to standardize it with an open process and released version 3.1 of SSL in 1999 as TLS 1.0. The protocol was renamed TLS to avoid legal issues with Netscape, which developed the SSL protocol as a key feature part of its original Web browser.

TLS 1.2 is the current version of the protocol, and as of this writing, the Transport Layer Security Working Group of the IETF is working on TLS 1.3 to address the vulnerabilities that have been exposed over the past few years, reduce the chance of implementation errors and remove features no longer needed. TLS 1.3 is still a draft and has not been finalized yet, but having an updated protocol that's faster, more secure and easier to implement is essential to ensure the privacy and security of information exchange and maintain trust in the Internet as a whole.

This was last updated in May 2016

Continue Reading About Transport Layer Security (TLS)

Dig Deeper on SSL and TLS VPN Security

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

My God, DES?! Anybody in security for any length of time knows that FRIENDS DON'T LET FRIENDS USE DES! Why would you even include that term in your definition? That's like saying a hole-in-the-ground is the successor to the John.
Provides authentication, encryption, and, in principle, data compression functions fits well into the EAP/IEEE 802.1X model.
TSL is by microsoft? Good luck with their unusable pages and unreasonable ways and lack of security. Might as well come Cop-knock on my door as if I'm a criminal for being a citizen.
When will the need to continue support for SSL 3.0 in legacy applications be outweighed by the need for greater security afforded by TLS 1.3?
I sure want to know the answer to Margaret's question. I wonder if some browsers and HTTP servers are quietly switching their default protocol to TLS. Is it safe to assume our SSL keys will be compatible or are we going to eventually need to generate new certificates?


File Extensions and File Formats