SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are both protocols used to secure internet communication. SSL was the original, but it has largely been replaced by TLS due to security improvements.
By creating a secure, protected "tunnel" across the Internet, they encrypt data to keep it private and secure while it's being transmitted between a client (like a web browser) and a server (like a website). TLS is the newer, more secure version (SSL as renamed by the IETF) that is widely used today. The two terms are often used interchangeably.
- HTTPS - HTTP secured by SSL/TLS
- SSL VPN for private corporate network
- SSL VPN via public VPN provider
The purpose of SSL/TLS is to protect the data that can be captured.
- Confidentiality - data accessible only by client and server - Encryption
- Integrity - data is not modified between client and server - Hashing
- Authentication - client/server are who they say they are - PKI
The data put on the wire is still passing through someone else's network.
- Anti-Replay - prevents attackers from reusing intercepted data to gain unauthorized access. It relies on sequence numbers built into the integrity and authentication mechanism.
- Non-Repudiation - ensures parties can't deny their involvement in a transaction or communication.
The key players of the SSL/TLS ecosystem are:
- Client - entity initiating the TLS handshake, e.g. web browser, apps, IoT, etc.
- optionally authenticated at the SSL layer (rarely provides a certificate)
- Server - entity receiving the TLS handshake, e.g. web server, etc.
- always authenticated (the user has to know what server he is talking to)
- Certificate Authority (CA) - governing entity that issues digital certificates to servers
- trusted by client and server
- provides Trust Anchor - if the client trusts the CA, it can trust what the CA trusts
- CA organizations: Let's Encrypt, IdenTrust, GlobalSign, Sectigo, DigiCert, GoDaddy, ...
Security must be balanced with Accessibility, based on the use case.
SSL v3.0 (declared insecure as of Oct 2014 due to the POODLE attack), a complete redesign of SSL v2.0, is the foundation of the TLS versions that followed (TLS 1.0, 1.1, 1.2).
TLS v1.0
- Protocol ownership transferred to the IETF
- almost identical to SSL v3.0
- Vulnerability: BEAST attack on CBC ciphers
- protocol deprecated in March 2021
TLS v1.1
- deprecated EXPORT grade ciphers
- protection against CBC attacks
- protocol deprecated in March 2021
TLS v1.2
- improved security of key generation
- support for AEAD ciphers (Authenticated Encryption with Associated Data)
- secure, recommended
TLS v1.3
- major changes from prior TLS/SSL versions, favors security and simplicity
- shorter handshake
- forward secrecy required
- 0-RTT resumption
- AEAD ciphers required
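As an added example (not part of the original page), the following Python code uses the standard `ssl` module to build a client context that applies the version guidance above (TLS 1.2 as the floor) together with CA-based server authentication, and to audit a context for settings that weaken either. The function names and `MIN_OK` are illustrative assumptions.

```python
import ssl

# Floor taken from the version list above: SSL v3.0, TLS 1.0 and TLS 1.1
# are insecure or deprecated; TLS 1.2 and TLS 1.3 are acceptable.
MIN_OK = ssl.TLSVersion.TLSv1_2


def floor_ok(version):
    """True if a context's minimum protocol version is TLS 1.2 or newer."""
    # MINIMUM_SUPPORTED means "whatever the TLS library allows": too permissive.
    if version == ssl.TLSVersion.MINIMUM_SUPPORTED:
        return False
    return version >= MIN_OK


def hardened_client_context():
    """Client context: trusted CAs as trust anchor, hostname check, TLS 1.2+."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = MIN_OK
    return ctx


def weak_client_context():
    """Weak counterpart: still encrypts, but the server is never authenticated."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be disabled before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx):
    """Return findings for settings that undo the guarantees listed above."""
    findings = []
    if not floor_ok(ctx.minimum_version):
        findings.append("protocol floor below TLS 1.2")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not verified against a CA")
    if not ctx.check_hostname:
        findings.append("hostname not checked against the certificate")
    return findings


if __name__ == "__main__":
    print("hardened:", audit_context(hardened_client_context()))
    print("weak:    ", audit_context(weak_client_context()))
```

Without certificate verification the connection is still encrypted, but the client has no assurance about which server holds the other end of the tunnel.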