TLS (Transport Layer Security)

Transport Layer Security (TLS) Overview

  • TLS is a widely used security protocol designed for ensuring privacy and data security in online communications.

  • Primarily encrypts communication between web applications and servers (e.g., web browsers and websites).

  • Other uses: Encrypting emails, messaging, and VoIP.

  • First introduced in 1999 by the Internet Engineering Task Force (IETF); latest version is TLS 1.3 (published in 2018).

TLS vs SSL

  • TLS evolved from the earlier SSL protocol (Secure Sockets Layer), developed by Netscape.

  • TLS 1.0 started as SSL 3.1, but was renamed before release to disassociate from Netscape.

  • TLS and SSL are often used interchangeably due to their close relationship.

TLS vs HTTPS

  • HTTPS is HTTP combined with TLS encryption.

  • Any website using HTTPS is utilizing TLS to encrypt communication.

Why Should Businesses Use TLS?

  • TLS encryption protects against data breaches and cyberattacks.

  • Major browsers (e.g., Google Chrome) warn users about non-HTTPS sites.

  • HTTPS padlock icon is a sign of a secure, TLS-protected connection.

TLS Components

  1. Encryption: Hides transferred data from third parties.

  2. Authentication: Verifies the identity of communicating parties.

  3. Integrity: Ensures data has not been altered during transmission.

TLS Certificates

  • To use TLS, a website must have a TLS certificate (commonly referred to as an SSL certificate).

  • Issued by certificate authorities (CAs) to the domain owner.

  • Contains the domain’s ownership details and public key (used for encryption).

How TLS Works

TLS Handshake

  • The handshake process establishes a secure connection between the user's device (client) and the web server.

  1. Specify TLS version: e.g., TLS 1.0, 1.2, 1.3.

  2. Choose cipher suites: Set of algorithms for encryption.

  3. Server authentication: Verifies server’s identity using the TLS certificate.

  4. Generate session keys: For encrypting messages after the handshake.

  • Public key cryptography: Data encrypted with the server’s public key can only be decrypted with the server’s private key.

  • After encryption and authentication, the data is signed with a Message Authentication Code (MAC) for integrity.
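
The handshake steps above map directly onto client configuration. The following is an added example, not part of the original notes: it uses Python's standard `ssl` module to build a strict client context and a constructed weak one, then audits each against the version, cipher suite and server authentication steps. The TLS 1.2 floor, the AEAD-only cipher rule and the function names are assumptions made for this illustration.

```python
import ssl

FLOOR = ssl.TLSVersion.TLSv1_2  # assumed policy floor, not stated in the notes

def hardened_client_context() -> ssl.SSLContext:
    """Client context that keeps every handshake step strict."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED, hostname check, system CAs
    ctx.minimum_version = FLOOR          # step 1: refuse TLS 1.0 and 1.1
    # Step 2: restrict TLS 1.2 to AEAD suites (TLS 1.3 suites are always AEAD).
    ctx.set_ciphers("ECDH+AESGCM:ECDH+CHACHA20")
    return ctx

def legacy_client_context() -> ssl.SSLContext:
    """Constructed counter-example: settings a configuration review should flag."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE      # step 3 skipped: any certificate is accepted
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED  # no version floor
    return ctx

def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Return one finding per handshake step the context leaves weak."""
    findings = []
    if ctx.minimum_version < FLOOR:
        findings.append("version: protocol floor below TLS 1.2")
    if any(not c.get("aead") for c in ctx.get_ciphers()):
        findings.append("ciphers: non-AEAD suite enabled")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("auth: certificate chain not verified")
    if not ctx.check_hostname:
        findings.append("auth: hostname not checked against certificate")
    return findings

if __name__ == "__main__":
    contexts = [("hardened", hardened_client_context()),
                ("legacy", legacy_client_context())]
    for name, ctx in contexts:
        print(name, audit_context(ctx) or "no findings")
```
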

Performance Impact of TLS

  • Modern TLS versions (e.g., TLS 1.3) have minimal impact on web performance.

  • TLS False Start and Session Resumption mitigate potential latency by speeding up the handshake.

  • TLS 1.3 improves speed with a 1-round-trip handshake and zero round trips for previously connected users.

Implementing TLS

  • Cloudflare offers free TLS/SSL certificates.

  • Alternatively, businesses can acquire and install an SSL certificate from a certificate authority on their servers.


Last updated 8 months ago
