TLS (Transport Layer Security) is an encryption protocol that ensures secure data transmissions on the internet. It is the successor to the outdated SSL and is now almost exclusively used in the TLS 1.3 version.

Secure email for digital privacy
  • Email protection on any device
  • SSL/TLS email encryption
  • Firewalls and spam filters offer first class virus protection
  • Daily protection and backups

What is TLS?

In the early days of the internet, data security wasn’t as important as it is today. All communication was sent openly and unencrypted from one computer to another. You can think of it like a postcard: every mail carrier could read it.

The TLS protocol—also known as SSL/TLS—introduced encryption of transmitted content. To continue the analogy, this encryption is like a sealed envelope that only the rightful recipient can open.

The abbreviation TLS stands for Transport Layer Security. This term refers to the transport layer of the TCP/IP model. TLS is a method that encrypts internet data streams, allowing only authorised recipients to read them.

Note

The former name of the encryption protocol was SSL (Secure Socket Layer). Since this abbreviation is still more well-known than TLS, TLS is often referred to by the double name ‘SSL/TLS’.

How does TLS work?

TLS encrypts data sent via the internet and is normally implemented on top of TCP using symmetric cryptography.

What sounds simple in practice is more complicated in reality. The fundamental problem is that the server must communicate the key to the client—before the communication is secured with TLS. Anyone who sends encrypted email attachments knows this issue: You encrypt a file and have to share the secret password with the recipient, e.g., over the phone.

The TLS protocol, whose current standard has been version 1.3 since 2018, uses the following procedure to solve this problem:

  1. ClientHello: The client (e.g., a browser) sends an initial message to the server with information about the supported encryptions. This includes cipher suites, protocol versions, a random value, and its own Elliptic-Curve-Diffie-Hellman key exchange value (ECDHE value). Optionally, the first encrypted data block can already be sent.
  2. ServerHello: The server selects the appropriate parameters and sends its response— including its ECDHE value and its digital certificate. This SSL certificate proves that the server is authentic and not pretending to be someone else. At the same time, the session key calculation begins.
  3. Key calculation: Both sides now independently calculate the same session key based on the jointly agreed key.
  4. The server completes the handshake and begins encrypted communication. The client does the same; the connection is now fully secured.
Note

Compared to previous versions, the TLS handshake in TLS 1.3 is significantly leaner and more secure. The entire process described here now requires just a single round-trip (1 RTT), noticeably speeding up the connection.

The reason why asymmetric encryption with Diffie-Hellman is only used for transmitting the session key (but not for encrypting the data streams themselves) is the speed advantage; asymmetric encryption is relatively slow and would delay data communication.

The pros and cons of TLS

TLS is an elegant solution for making web traffic more secure. It doesn’t require the two parties to encrypt the content themselves, such as form data. Instead, it’s sufficient if the traffic is routed through the TLS protocol, regardless of the participants’ operating systems and software applications. All data streams are then automatically encrypted during transmission.

The price of security is a slightly slower connection setup because the process steps mentioned above—certificate, random number, key exchange—are computationally intensive.

Uses of TLS

As mentioned, TLS can be used universally because it is independent of applications and operating systems. Accordingly, there is a TLS-secured version for a variety of application protocols. The naming scheme is quite simple in most cases: the letter ‘S’ is added to the protocol’s name when the protocol communicates via TLS.

The most important application area of TLS is the World Wide Web, specifically the HTTP protocol. Its encrypted version is called HTTPS.

Alongside these, the following common use cases should be mentioned:

  • POP3S: Retrieve emails from the server using the POP3 protocol
  • IMAPS: Synchronise inbox with the server using the IMAP protocol
  • SMTPS: Send emails
  • FTPS: File transfer via FTP protocol
  • SIPS: Voice-over-IP telephony over the SIP protocol
  • IRCS: Encrypted chats
  • QUIC: Google’s transport protocol that directly integrates TLS 1.3; an alternative to TCP for faster and more secure web connections (e.g., with HTTP/3)

OpenVPN, a free software for establishing a Virtual Private Network (VPN), also utilises the TLS protocol.

Key TLS implementations

Some of the most widely used implementations of TLS include:

  • OpenSSL – by far the most common implementation used by most HTTPS websites
  • GnuTLS (Free Software Foundation)
  • LibreSSL (OpenBSD)
  • NSS (Network Security Services)
  • BoringSSL (Google)
  • Rustls (Joe Birr-Pixton, Dirkjan Ochtman, Daniel McCarney, Josh Aas and Open-Source Community)
  • Botan (BSD License, Jack Lloyd)
  • JSSE (Java Secure Socket Extension, Oracle)
  • S2n (Amazon)

This list is not exhaustive. Detailed information about TLS implementations can be found on Wikipedia.

Well-known TLS attacks

Although TLS is designed for secure communication, it still has known weaknesses. These include:

  • Programming errors: The Heartbleed Bug became famous as a critical programming error in earlier versions of OpenSSL. It was fixed in 2014.
  • Weak encryptions: As a result of US cryptography export restrictions, ‘export-grade’ versions were developed that were easier to crack than the originals.
  • Compression attacks: When HTTP compression is used instead of TLS compression, it becomes possible for hackers to guess TLS-encrypted content through certain methods.
  • The BEAST attack affected TLS version 1.0 and was described as early as 2014. Current TLS versions are secure against it.
  • The Padding Oracle attack was discovered in 2002 and was possible up to SSL version 3.0. The current TLS version 1.3 is not affected.
  • The ALPACA attack from 2021 shows how TLS certificates on misconfigured servers can be exploited to redirect users to other services, intercepting or manipulating data.

There have also been efforts to prevent fully secure TLS encryption in order to allow authorities to access encrypted communications—for example, in connection with financial transactions and criminal activity. One of the organisations that advocated for such a ‘deliberate vulnerability’ in TLS was ETSI (the European Telecommunications Standards Institute).

Was this article helpful?
Go to Main Menu