TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are cryptographic protocols designed to provide secure communication over a computer network, most commonly the internet. TLS establishes an encrypted channel between two parties through a handshake process that authenticates the server (and optionally the client) using digital certificates, negotiates encryption algorithms, and exchanges session keys via public key cryptography. It is the security layer behind HTTPS, securing web browsing, email, messaging, and VoIP communications.
| Version | Year | Status | Key Features | Vulnerabilities |
|---|---|---|---|---|
| SSL 2.0 | 1995 | Deprecated | First widely used version | DROWN, POODLE |
| SSL 3.0 | 1996 | Deprecated | Improved over SSL 2.0 | POODLE attack |
| TLS 1.0 | 1999 | Deprecated | Replaced SSL 3.0 | BEAST, POODLE |
| TLS 1.1 | 2006 | Deprecated | IV improvements | BEAST (partial) |
| TLS 1.2 | 2008 | Still used | AEAD ciphers, SHA-256 | Weak configs possible |
| TLS 1.3 | 2018 | Recommended | 1-RTT handshake, forward secrecy | None known (current) |
Wikimedia Commons, CC BY-SA
Public key cryptography (also known as asymmetric cryptography) is a cryptographic system that uses mathematically linked key pairs: a public key that can be freely distributed and a private key that must remain secret to its owner. Data encrypted with a public key can only be decrypted by the corresponding private key, and a message signed with a private key can be verified by anyone holding the public key. This system, introduced by Diffie and Hellman in 1976 and implemented by RSA in 1977, underpins secure internet communication, digital signatures, and certificate authorities.
Encryption is the process of converting plaintext (readable data) into ciphertext (scrambled data) using a cryptographic algorithm and a key, so that only authorised parties with the corresponding decryption key can read the original message. Symmetric encryption uses the same key for encryption and decryption (e.g., AES), while asymmetric encryption uses a public-private key pair (e.g., RSA). Encryption is fundamental to securing data in transit (HTTPS, VPN) and data at rest (encrypted hard drives, databases).
HTTP (HyperText Transfer Protocol) is an application-layer protocol that defines how messages are formatted and transmitted between web browsers (clients) and web servers. It operates as a request-response protocol: a client sends an HTTP request (e.g., GET, POST, PUT, DELETE) and the server returns an HTTP response with a status code and the requested resource. HTTPS is the secure version of HTTP, adding TLS encryption to protect data in transit.
SSL was developed by Netscape Communications in 1994–1995 to secure web transactions. "Secure Sockets Layer" refers to the operating system socket API used for network communication. TLS was standardised by the IETF in RFC 2246 (1999) as a vendor-neutral successor to SSL. "Transport" derives from Latin transportare (to carry across); "Layer" refers to its position in the OSI network model.