Transport Layer Security
From Computing and Software Wiki
Revision as of 00:59, 11 April 2008
Transport Layer Security (TLS) is a cryptographic protocol that ensures privacy for communication over the Internet. It is the successor of the Secure Sockets Layer (SSL) protocol, though there are only minor differences that separate the two.
History
During the mid-1990s, it became obvious that security was necessary for Internet commerce. Many different mechanisms were proposed by different groups. Netscape, Inc. was the group that initially developed the SSL protocol. While SSL was never formally adopted by the Internet Engineering Task Force (IETF), it was the basis of the IETF-designed protocol TLS, which was first defined in 1999. In fact, SSL and TLS are so similar that most implementations of SSL support TLS, and both protocols use the same port number.
How It Works
TLS is used when the client wishes to open a secure connection to a server. The protocol allows each side to authenticate, so each side can be sure of whom it is communicating with. Both parties select the encryption algorithm to be used; it must be one that both sides support. TLS then allows the two sides to establish an encrypted connection. This is the highest level of security afforded; however, in many cases only the server authenticates and the client remains unauthenticated. This is less secure, as the server cannot be sure that the client is who it claims to be, but it is suitable under certain circumstances.
If a message needs to go through multiple points to reach its destination, a new SSL connection must be opened for each intermediate point. In this model the client's original message is not cryptographically protected while it is held at each intermediary, because each SSL connection ends at the next intermediate server, and additional computationally expensive cryptographic operations are performed for every new SSL connection that is established.
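The hop-by-hop model described above, as an added example that is not part of the original article: each SSL connection is modelled as its own key and its own encrypt/decrypt cost, and a constructed HMAC-SHA256 keystream stands in for the negotiated cipher (it is not a real SSL/TLS cipher suite). Relaying a message through a chain of such hops shows that every intermediate point holds the message in the clear and that the cryptographic cost grows with the number of hops.

```python
import hashlib
import hmac
import os


def toy_stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream.

    Constructed stand-in for the cipher negotiated on one hop; it models
    confidentiality only and is not a real SSL/TLS cipher.
    """
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class SslHop:
    """One SSL connection between two adjacent points on the path.

    Each hop runs its own handshake, so each hop has its own key (random
    here, standing in for the negotiated key) and its own crypto cost.
    """

    def __init__(self, sender: str, receiver: str) -> None:
        self.sender, self.receiver = sender, receiver
        self.key = os.urandom(32)
        self.crypto_ops = 0  # encrypt/decrypt operations charged to this hop

    def send(self, plaintext: bytes) -> bytes:
        self.crypto_ops += 1
        nonce = os.urandom(8)
        return nonce + toy_stream_xor(self.key, nonce, plaintext)

    def receive(self, wire: bytes) -> bytes:
        self.crypto_ops += 1
        return toy_stream_xor(self.key, wire[:8], wire[8:])


def relay(message: bytes, hops: list) -> tuple:
    """Forward message hop by hop; return (delivered, plaintext seen per point, total ops)."""
    seen = {}
    current = message
    for hop in hops:
        wire = hop.send(current)
        # The far end of this hop must decrypt before it can open the next
        # SSL connection, so it holds the original message in the clear.
        current = hop.receive(wire)
        seen[hop.receiver] = current
    return current, seen, sum(h.crypto_ops for h in hops)
```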
Security Measures
Applications
See Also
References
- 1: "Chapter 3: Implementing Transport and Message Layer Security", Microsoft Developer Network, http://msdn2.microsoft.com/en-us/library/aa480582.aspx
External Links
--Milesj2 20:59, 10 April 2008 (EDT)