Transport Layer Security

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide secure communications on the Internet for such things as web browsing, e-mail, Internet faxing, instant messaging and other data transfers. There are slight differences between SSL and TLS, but the protocol remains substantially the same. The TLS protocol allows applications to communicate across a network in a way designed to prevent eavesdropping, tampering, and message forgery. TLS provides endpoint authentication and communications privacy over the Internet using cryptography. Typically, only the server is authenticated (i.e., its identity is ensured) while the client remains unauthenticated; this means that the end user (whether an individual or an application, such as a Web browser) can be sure with whom they are communicating. The next level of security?in which both ends of the "conversation" are sure with whom they are communicating?is known as mutual authentication. Mutual authentication requires public key infrastructure (PKI) deployment to clients unless TLS-PSK or TLS-SRP are used, which provide strong mutual authentication without needing to deploy a PKI.TLS involves three basic phases:1. Peer negotiation for algorithm support 2. Public key exchange and certificate-based authentication 3. Symmetric cipher encryptionDuring the first phase, the client and server negotiate cipher suites, which combine one cipher from each of the following:1. Public-key cryptography: RSA, Diffie-Hellman, DSA 2. Symmetric ciphers: RC2, RC4, IDEA, DES, Triple DES, AES or Camellia 3. Cryptographic hash function: MD2, MD4, MD5 or SHA.