Transport Layer Security

From Pulsed Media Wiki
Revision as of 10:15, 9 June 2025 by Gallogeta (talk | contribs) (Guides: Linux: Information)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Transport Layer Security (TLS)

Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as web Browse, email, instant messaging, and Voice over IP (VoIP). TLS encrypts the segments of network connections at the Transport layer (or above) of the OSI model, equivalent to the TCP/IP model's application layer, although many sources consider TLS a transport layer protocol.

TLS evolved from the earlier Secure Sockets Layer (SSL) protocol. While the terms SSL and TLS are often used interchangeably, SSL is deprecated and no longer considered secure; all modern implementations use TLS.

History

The precursor to TLS, Secure Sockets Layer (SSL), was developed by Netscape Communications in the mid-1990s.

  • SSL 1.0: Never publicly released due to serious security flaws.
  • SSL 2.0: Released in 1995, but quickly found to have several vulnerabilities.
  • SSL 3.0: Released in 1996, a significant redesign that improved security.
  • TLS 1.0: Defined in RFC 2246 (1999) by the Internet Engineering Task Force (IETF), based on SSL 3.0 but with enough differences to prevent interoperability with SSL 3.0. This marked the transition from SSL to TLS.
  • TLS 1.1: Defined in RFC 4346 (2006), addressing several security weaknesses in TLS 1.0.
  • TLS 1.2: Defined in RFC 5246 (2008), which significantly improved security by updating hash and cipher suite negotiations. It became the most widely adopted version for a long time.
  • TLS 1.3: Defined in RFC 8446 (2018), a major revision focusing on security, performance, and simplicity. It deprecated many older cryptographic features and significantly reduced the handshake latency.

How it Works

TLS operates in two main phases: the handshake protocol and the record protocol.

TLS Handshake Protocol

The handshake protocol is the most complex part of TLS, where the client and server establish a secure connection. It involves several steps:

  1. ClientHello: The client initiates the handshake by sending a "ClientHello" message to the server. This message includes:
    • The highest TLS protocol version it supports (e.g., TLS 1.3).
    • A random byte string (Client Random).
    • A list of cipher suites it supports, in order of preference.
    • Optional extensions (e.g., Server Name Indication (SNI)).
  1. ServerHello: The server responds with a "ServerHello" message, which includes:
    • The chosen TLS protocol version (the highest common version supported by both).
    • A random byte string (Server Random).
    • The selected cipher suite from the client's list.
    • Optional extensions.
  1. Certificate and Key Exchange:
    • Server Certificate: The server sends its digital certificate to the client. This certificate contains the server's public key and is signed by a certificate authority (CA) to prove its authenticity.
    • Server Key Exchange (optional): If the chosen cipher suite uses DHE or ECDHE, the server sends its ephemeral public key parameters for key exchange.
    • Certificate Request (optional): The server may request a client certificate for mutual authentication.
    • ServerHelloDone: The server indicates it has finished its part of the handshake.
  1. Client Key Exchange:
    • The client verifies the server's certificate (checking the CA signature, expiry, domain name, etc.). If verification fails, the connection is terminated.
    • Based on the chosen cipher suite and the server's public key (from the certificate or ephemeral key), the client generates a pre-master secret. For Diffie-Hellman based key exchange, both client and server derive the same shared secret. For RSA-based key exchange, the client encrypts the pre-master secret with the server's public key.
    • Client Certificate (optional): If requested by the server, the client sends its own certificate and a digitally signed message proving ownership.
  1. ChangeCipherSpec and Finished:
    • Both client and server then use the established pre-master secret (along with the client and server randoms) to generate a master secret. From this master secret, session keys (for encryption, decryption, and MACs) are derived.
    • Both parties send a "ChangeCipherSpec" message, indicating that all subsequent messages will be encrypted using the newly negotiated keys.
    • Both parties then send a "Finished" message, which is an encrypted hash of all previous handshake messages. This acts as a integrity check to ensure the handshake has not been tampered with.

At this point, the TLS handshake is complete, and the application data can be securely exchanged.

TLS Record Protocol

After the handshake, the TLS Record Protocol is responsible for encapsulating and encrypting application data. It takes application data, fragments it into manageable blocks, optionally compresses it, applies a message authentication code (MAC) for integrity, and encrypts the data. On the receiving end, the process is reversed: decryption, MAC verification, decompression, and reassembly.

Key Features

  • Authentication: Verifies the identity of the communicating parties (typically the server, optionally the client) using digital certificates.
  • Confidentiality (Encryption): Ensures that data exchanged between parties cannot be read by unauthorized third parties.
  • Integrity: Guarantees that the data has not been tampered with during transmission.
  • Perfect Forward Secrecy (PFS): (Especially in TLS 1.2 with DHE/ECDHE, and standard in TLS 1.3) Ensures that even if the server's long-term private key is compromised in the future, past recorded communications cannot be decrypted. This is achieved by using ephemeral session keys.

Uses

TLS is ubiquitous for securing Internet communications:

  • HTTPS: The most common use, securing web traffic between a web browser and a website.
  • Email: Used by protocols like SMTPS, POPS, and IMAPS to secure email transmission and retrieval.
  • VPNs: Used by many Virtual Private Network (VPN) solutions (e.g., OpenVPN) to create secure tunnels.
  • Instant Messaging: Secures communication in many messaging applications.
  • VoIP: Used to secure voice and video calls.
  • File Transfer: Used by FTPS (FTP over TLS) and SFTP (SSH File Transfer Protocol, though SFTP uses SSH's security).
  • Remote Desktop: Secures remote access sessions.
  • IoT Devices: Increasingly used to secure communication for Internet of Things devices.

Security Considerations

While TLS is robust, its security depends on proper implementation and configuration.

  • Vulnerable TLS/SSL versions: Older versions (SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1) have known vulnerabilities (e.g., POODLE, BEAST, CRIME) and should be disabled. TLS 1.2 and TLS 1.3 are currently considered secure.
  • Weak Cipher Suites: Using outdated or weak cipher suites can expose connections to attacks. Strong, modern cipher suites are crucial.
  • Certificate Validity: Failure to properly validate server certificates can lead to man-in-the-middle attacks.
  • Misconfigurations: Server misconfigurations (e.g., weak key sizes, incorrect protocol versions) can severely compromise security.
  • Heartbleed Bug: A famous vulnerability in OpenSSL (a popular TLS library) that allowed attackers to read memory from servers and clients, potentially exposing sensitive data like private keys. This highlighted the importance of code security audits.

See Also

Retrieved from "https://wiki.pulsedmedia.com/index.php?title=Transport_Layer_Security&oldid=1003111"