What is the difference between SSL and HTTPS?

What does TLS stand for?

In cryptography, TLS is a suite of protocols that encrypts Internet communications.

It was originally named "Transport Layer Security", as it is layered on top of the Transport layer protocols (TCP and sometimes UDP). Since the original specification, TLS has grown into an umbrella term, now generally meaning any protocol of a certain type.

Why use TLS?

In order to communicate securely on the Internet, you need to be able to hide what you say from others. A common way to do this is encryption, and with TLS you can encrypt your data as it passes between your machine and another. It is possible to encrypt a message in transit without end-to-end encryption. The problem with this is that your messages are visible to anyone who sniffs the network traffic, so it doesn't mean you have an end-to-end encrypted message; it means you're talking to someone with an active sniffer.

What is this post about?

This post looks at the history of TLS and how it became what it is today. Hopefully you'll learn how the suite of protocols works, as well as why TLS is so important.

Who wrote TLS?

To start, we have to ask who wrote TLS. The answer is the Internet Engineering Task Force (IETF), which publishes various RFCs describing the protocols used by the Internet. In fact, it was proposed by a working group (RFC-2264) and later developed into an RFC (RFC 2246) that specified a set of protocols to be used by applications and servers on the Internet. The development of the Internet itself, however, was mostly done by the Internet Engineering Consortium (IEC), which designed the TCP/IP protocol suite.

TCP/IP is still the core transport protocol of the Internet, but nowadays many other protocols use it. For instance, the DNS protocol runs over TCP/IP, as do SMTP, FTP, X11, and many other protocols. Because of this, many protocols run over TCP/IP by default, but some may also have alternative transports, such as SCTP.

How did TLS evolve?

When RFCs began to appear describing protocols like IPsec and TLS, there was a lot of overlap in specification, because the authors were working on the same problems at roughly the same time.

How do I enable SSL TLS?


What do SSL and TLS do?

As I understand it, SSL/TLS encrypts the traffic between the client and the server.

The client sends a request for a website and the server responds with a page that is encrypted. The client uses a public/private key pair to encrypt the traffic and the server uses the same pair to decrypt it.

I've used this in the past and it's quite useful. What I'm wondering is what happens when you have multiple connections from different devices to the same website? Does it use a different public/private key pair for each connection? If so, wouldn't that be kind of pointless?

What is the purpose of using the SSL/TLS protocol if the traffic between the client and server is encrypted?

It's mainly so that any eavesdroppers can't read the traffic and see what you are doing.

You're absolutely right, but the question was "what is the purpose of using SSL/TLS if the traffic between the client and server is encrypted." "It's mainly so that any eavesdroppers can't read the traffic and see what you are doing." My point is that if you are encrypting the traffic between the client and server, then you don't need to use SSL/TLS to accomplish that. So it seems like SSL/TLS is used to secure the connection between the client and the server. Once you have the connection secured, does it do anything else? I don't think it's clear that it does anything beyond that. It certainly doesn't add any encryption to the data in transit between the client and the server, but I don't think it does anything beyond that either.

Is there some benefit to using TLS on the server? I can't imagine why, since the data being sent from the client to the server isn't encrypted. If the server is using SSL/TLS, the data is encrypted in transit, even if it isn't encrypted at rest. It is probably most common to use TLS on the server to provide client authentication (i.e. "the server knows who you are"). The advantage is that it makes it harder for someone to impersonate the server.
