SSL TLS

TLS stands for Transport Layer Security and is a protocol similar to SSL and is often used interchangeably with SSL (even though its different)  Most certifiacte vendors still sell there certificates as SSL certificates although some will call them SSL / TLS certificates.  TLS is a cryptographic protocol that allows encryted communication over the internet and allows a browser to verify that the certificate does indeed match the url it is supposed to.  Asymmetric cryptography is used by TLS and SSL for encryption.

TLS is based on the original SSL protocol from Netscape but is different.  TLS 1.0 is commonly used although TLS 1.1 and TLS 1.2 have also been developed but are not commonly used yet.

The TLS handshake goes like this

  • Client sends ClientHello
  • Server responds with ServerHello
  • Server sends certificate message
  • Server sends ServerHelloDone message
  • Client sends ClientKeyExchange message
  • Client sends ChangeCipherSpec record
  • Server sends ChangeCipherSpec