Transport layer security

A blog by 22CE022,17 



What is TLS ?                                                            

=> TLS is a security protocol used to protect data and communication. TLS encrypts communication between web apps and servers.TLS can be used to encrypt emails, messaging.


TLS was proposed by the Internet Engineering Task Force (IETF), an international standards organization, and the first version of the protocol was published in 1999. The most recent version is TLS 1.3, which was published in 2018.

   

Difference of TLS AND SSL




how does TLS WORK ?

A TLS connection is initiated using a sequence known as the TLS handshake. When a user navigates to a website that uses TLS, the TLS handshake begins between the user's device (also known as the client device) and the web server.

During the TLS handshake, the user's device and the web server:

  • Specify which version of TLS (TLS 1.0, 1.2, 1.3, etc.) they will use
  • Decide on which cipher suites (see below) they will use
  • Authenticate the identity of the server using the server's TLS certificate
  • Generate session keys for encrypting messages between them after the handshake is complete

The TLS handshake establishes a cipher suite for each communication session. The cipher suite is a set of algorithms that specifies details such as which shared encryption keys, or session keys, will be used for that particular session. TLS is able to set the matching session keys over an unencrypted channel thanks to a technology known as public key cryptography.

The handshake also handles authentication, which usually consists of the server proving its identity to the client. This is done using public keys. Public keys are encryption keys that use one-way encryption, meaning that anyone with the public key can unscramble the data encrypted with the server's private key to ensure its authenticity, but only the original sender can encrypt data with the private key. The server's public key is part of its TLS certificate.

Once data is encrypted and authenticated, it is then signed with a message authentication code (MAC). The recipient can then verify the MAC to ensure the integrity of the data. This is kind of like the tamper-proof foil found on a bottle of aspirin; the consumer knows no one has tampered with their medicine because the foil is intact when they purchase it.



How does TLS affect web application performance?

The latest versions of TLS hardly impact web application performance at all.

Because of the complex process involved in setting up a TLS connection, some load time and computational power must be expended. The client and server must communicate back and forth several times before any data is transmitted, and that eats up precious milliseconds of load times for web applications, as well as some memory for both the client and the server.

However, there are technologies in place that help to mitigate potential latency created by the TLS handshake. One is TLS False Start, which lets the server and client start transmitting data before the TLS handshake is complete. Another technology to speed up TLS is TLS Session Resumption, which allows clients and servers that have previously communicated to use an abbreviated handshake.

These improvements have helped to make TLS a very fast protocol that should not noticeably affect load times. As for the computational costs associated with TLS, they are mostly negligible by today’s standards.

TLS 1.3, released in 2018, has made TLS even faster. TLS handshakes in TLS 1.3 only require one round trip (or back-and-forth communication) instead of two, shortening the process by a few milliseconds. When the user has connected to a website before, the TLS handshake has zero round trips, speeding it up still further.












 

Comments

Post a Comment

Popular posts from this blog

Image
 Python Turtle : Intro to Programming logic and creativity                    Blog by 22CE022,17 Python is one of the best languages to start learning programming with and python's in-built turtle library helps build logic and algorithmic skills in amateur programmer. click here for py turtle official docs we are given objects and functions of turtle library by which we can create turtle object, give it different shapes and colors, cause movement of the turtle in any direction of the canvas. we can also create pop-ups and show text on screen.  we can create drawings like this :  turtle drawings on github here are few mini games i have created using turtle library: US State guessing game:   The map image is loaded in turtle canvas and the axis of each state are saved in a csv file. Pandas is used to read this csv file. user enters name of a state and if the name is correct then state name is written on that x,y ax...
Read more