TLS Security: TLS/SSL Explained

SSL and TLS protocols are extremely important to protecting cyberdata. Learn what they protect and how they can be of use.

by Agathoklis Prodromou · Apr. 25, 17 · Tutorial


In this series on TLS security, we will focus on two widely known and used protocols in computer security, SSL and TLS. We will start with SSL, which stands for Secure Sockets Layer, and then move on to its successor, TLS, which stands for Transport Layer Security.

Many people use these terms quite often but do not really understand the underlying technology and mechanics behind these protocols. The reason is simple: behind these protocols lies a complicated network of cryptographic functions, algorithms, and structures.

Having established that understanding how SSL/TLS works can be a challenge, we will try to give a simple yet comprehensive overview of it.

What Is TLS/SSL?

The main purpose of the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols is to provide privacy and integrity, identification, and perfect forward secrecy.

Privacy and Integrity

It allows the connection between two endpoints (client and server) to be encrypted. By encrypting the communication, we ensure that no third party is able to read or tamper with the data exchanged on our connection with the server. An unencrypted connection could, and would, expose sensitive data such as usernames, passwords, credit card numbers, and generally anything sent back and forth during the connection.

Using a normal, unencrypted connection, if a third party intercepted our connection with the server, they would be able to see the information exchanged in plaintext (human-readable format). If, for example, we access our website's administration panel without SSL and someone is sniffing the local network's traffic, they would be able to see the following:

[Image: TLS Security]

The cookie we use to authenticate on our website is sent in plain text, and anyone intercepting the connection can see it. This means an attacker can use it to log in to our website's administration panel; from then on, the attacker's options for leaking data or further exploitation expand dramatically.

However, if we access our website using SSL/TLS, they would see something quite different.

[Image: TLS/SSL, the same capture over an encrypted connection]

In this case, the information is useless to the attacker.

Identification

With the use of public key cryptography, SSL/TLS provides identification between the communicating parties. This means that one party (most commonly the server), or both, knows who it is communicating with. This is crucial, especially for online transactions, as we need to be sure that the person or company we are transferring money to is who they claim to be.

When a secure connection is established, the server will send its SSL certificate to the client. The certificate will then be checked by the client against a trusted Certificate Authority, essentially validating the server’s identity. We will see how an SSL certificate is created later on in this series.

Perfect Forward Secrecy

Simply put, PFS's primary job is to make sure that if the private key of a server is compromised, an attacker will still not be able to decrypt any previously recorded TLS communications. Perfect Forward Secrecy is made possible by the Diffie-Hellman ephemeral key exchange, which generates new keys for every session that are valid only as long as that session is active.
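A toy Diffie-Hellman ephemeral exchange, added here to illustrate the paragraph above and not part of the original article: the session key is derived only from the two per-session random exponents, so every session gets a different key and the server's long-term certificate key (which only signs its public value) is never an input to it. The group parameters, the `run_session` helper and the transcript string are constructed for readability and are far too small to be secure.

```python
import hashlib
import secrets

# Constructed toy group: the Mersenne prime 2^61 - 1 with generator 3.
# Real TLS uses 2048-bit+ finite-field groups (RFC 7919) or elliptic curves.
P = (1 << 61) - 1
G = 3


def ephemeral_exponent() -> int:
    """Fresh random secret exponent, generated for one session only."""
    return secrets.randbelow(P - 3) + 2


def public_value(secret: int) -> int:
    """g^secret mod p: the value each side puts on the wire."""
    return pow(G, secret, P)


def session_key(my_secret: int, peer_public: int, transcript: bytes) -> bytes:
    """Derive the symmetric session key from the DH shared secret.

    Only the two ephemeral exponents feed into the key. The server's long-term
    key signs its public value so the client can trust it, but does not take
    part in the derivation, so a later compromise of that key reveals nothing
    about keys of sessions that have already ended.
    """
    shared = pow(peer_public, my_secret, P)
    return hashlib.sha256(shared.to_bytes(8, "big") + transcript).digest()


def run_session(client_secret: int, server_secret: int) -> tuple:
    """Simulate one handshake and return (client_key, server_key)."""
    client_pub = public_value(client_secret)
    server_pub = public_value(server_secret)
    # Constructed stand-in for the signed ServerKeyExchange message.
    transcript = b"ServerKeyExchange:" + server_pub.to_bytes(8, "big")
    client_key = session_key(client_secret, server_pub, transcript)
    server_key = session_key(server_secret, client_pub, transcript)
    return client_key, server_key


if __name__ == "__main__":
    first = run_session(ephemeral_exponent(), ephemeral_exponent())
    second = run_session(ephemeral_exponent(), ephemeral_exponent())
    print("session 1 agrees:", first[0] == first[1])
    print("session 2 agrees:", second[0] == second[1])
    print("keys differ between sessions:", first[0] != second[0])
```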

Application

SSL/TLS protocols can be used in different services such as the web, mail, FTP, VoIP, and VPN. Typically, when a service uses a secure connection the letter S is appended to the service’s protocol name. For example: HTTPS, SMTPS, FTPS, SIPS.

Tune in next time for the history of SSL/TLS! 


Published at DZone with permission of Agathoklis Prodromou, DZone MVB. See the original article here.
