# TLS (Transport Layer Security)

## Transport Layer Security (TLS) Overview

* **TLS** is a widely used security protocol designed for ensuring privacy and data security in online communications.
* Primarily encrypts communication between web applications and servers (e.g., web browsers and websites).
* Other uses: Encrypting emails, messaging, and VoIP.
* **First introduced** in 1999 by the **Internet Engineering Task Force (IETF)**; latest version is **TLS 1.3** (published in 2018).

## TLS vs SSL

* **TLS** evolved from the earlier **SSL** protocol (Secure Sockets Layer), developed by Netscape.
* **TLS 1.0** started as **SSL 3.1**, but was renamed before release to disassociate from Netscape.
* **TLS** and **SSL** are often used interchangeably due to their close relationship.

## TLS vs HTTPS

* **HTTPS** is HTTP combined with **TLS encryption**.
* Any website using HTTPS is utilizing **TLS** to encrypt communication.

## Why Should Businesses Use TLS?

* **TLS encryption** protects against data breaches and cyberattacks.
* Major browsers (e.g., **Google Chrome**) warn users about non-HTTPS sites.
* **HTTPS padlock icon** is a sign of a secure, TLS-protected connection.

## TLS Components

1. **Encryption**: Hides transferred data from third parties.
2. **Authentication**: Verifies the identity of communicating parties.
3. **Integrity**: Ensures data has not been altered during transmission.
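To make the integrity component concrete, here is an added example (not part of the original notes) showing how a message authentication code lets the receiver reject a record that was modified, replayed or reordered. It uses Python's standard `hmac` module with a constructed demo key; real TLS derives the MAC key from the handshake's session keys and, in TLS 1.3, folds integrity into an AEAD cipher rather than a separate MAC, so this illustrates the principle rather than the TLS record layer itself.

```python
import hashlib
import hmac
import os

# Constructed demo key. In real TLS the MAC key is derived from the
# handshake's session keys and is never a fixed value like this.
DEMO_KEY = b"constructed-demo-key-not-for-real-use"


def tag_record(key: bytes, seq_num: int, payload: bytes) -> bytes:
    """HMAC-SHA256 tag over a record.

    Binding the sequence number and length into the MAC input (as TLS does)
    means a replayed or reordered record fails verification even though its
    payload bytes are intact.
    """
    header = seq_num.to_bytes(8, "big") + len(payload).to_bytes(2, "big")
    return hmac.new(key, header + payload, hashlib.sha256).digest()


def verify_record(key: bytes, seq_num: int, payload: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time (no early exit on mismatch)."""
    expected = tag_record(key, seq_num, payload)
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    """Four receiver-side outcomes for one tagged record."""
    payload = b"GET /account HTTP/1.1"
    tag = tag_record(DEMO_KEY, 1, payload)

    tampered = bytearray(payload)
    tampered[5] ^= 0x01  # flip one bit inside the request path

    return {
        "intact": verify_record(DEMO_KEY, 1, payload, tag),
        "tampered": verify_record(DEMO_KEY, 1, bytes(tampered), tag),
        "replayed": verify_record(DEMO_KEY, 2, payload, tag),  # same bytes, later sequence number
        "wrong_key": verify_record(os.urandom(32), 1, payload, tag),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:10s} -> {'accepted' if accepted else 'rejected'}")
```

Only the untouched record with the expected sequence number is accepted; the other three cases are rejected without the receiver needing to know what changed.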

## TLS Certificates

* To use TLS, a website must have a **TLS certificate** (commonly referred to as an **SSL certificate**).
* Issued by **certificate authorities (CAs)** to the domain owner.
* Contains the domain’s ownership details and **public key** (used for encryption).

## How TLS Works

### TLS Handshake

* The handshake process establishes a secure connection between the user's device (client) and the web server.

1. **Specify TLS version** (e.g., TLS 1.0, 1.2, or 1.3) that both sides will use.
2. **Choose cipher suites**: Set of algorithms for encryption.
3. **Server authentication**: Verifies server’s identity using the **TLS certificate**.
4. **Generate session keys**: For encrypting messages after the handshake.

* **Public key cryptography**: The client encrypts with the server's public key (taken from the certificate); only the server's private key can decrypt that data.
* After encryption and authentication, each record carries a **Message Authentication Code (MAC)** so the receiver can detect any alteration in transit.
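The following added example (not part of the original notes, and not Cloudflare's code) applies the handshake steps above from the client side with Python's standard `ssl` module: it sets a minimum protocol version, requires a CA-verified server certificate, checks the requested hostname against the certificate's subject alternative names, and reports the negotiated version, cipher suite, certificate expiry and whether a session was resumed. `SAMPLE_CERT` is a constructed dict in the layout `getpeercert()` returns, so the certificate checks run offline; `inspect_server()` performs a real handshake and needs network access to a host you choose.

```python
from __future__ import annotations

import socket
import ssl
import time


def make_client_context() -> ssl.SSLContext:
    """Client context that fixes the handshake choices listed above:
    a protocol-version floor (step 1), CA verification of the server
    certificate and a hostname check (step 3)."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuses SSL 3.0, TLS 1.0 and 1.1
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def describe_context(ctx: ssl.SSLContext) -> dict:
    """Plain-data view of the policy, handy for a unit test or an audit log."""
    return {
        "minimum_version": ctx.minimum_version.name,
        "check_hostname": ctx.check_hostname,
        "verify_mode": ctx.verify_mode.name,
    }


# Constructed to mirror the dict layout of SSLSocket.getpeercert(); not a real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.test"),),),
    "issuer": ((("organizationName", "Demo CA (constructed)"),),),
    "subjectAltName": (("DNS", "www.example.test"), ("DNS", "*.api.example.test")),
    "notAfter": "Jun  1 12:00:00 2030 GMT",
}


def san_dns_names(cert: dict) -> list[str]:
    """DNS names from the certificate's subjectAltName extension."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def hostname_matches(hostname: str, cert: dict) -> bool:
    """Match the requested host against the SAN DNS entries.

    A wildcard such as *.api.example.test covers exactly one leftmost label:
    it matches v1.api.example.test but not api.example.test or a.b.api.example.test.
    """
    host = hostname.lower().rstrip(".")
    for name in san_dns_names(cert):
        name = name.lower()
        if name.startswith("*."):
            if host.endswith(name[1:]) and host.count(".") == name.count("."):
                return True
        elif host == name:
            return True
    return False


def not_after_epoch(cert: dict) -> float:
    """Expiry as POSIX seconds; ssl parses the 'Jun  1 12:00:00 2030 GMT' format."""
    return ssl.cert_time_to_seconds(cert["notAfter"])


def days_until_expiry(cert: dict, now: float | None = None) -> int:
    """Whole days left before notAfter (negative once the certificate has expired)."""
    now = time.time() if now is None else now
    return int((not_after_epoch(cert) - now) // 86400)


def inspect_server(hostname: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Perform a real handshake and report what was negotiated (needs network access)."""
    ctx = make_client_context()
    with socket.create_connection((hostname, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
            suite, _protocol, key_bits = tls.cipher()
            return {
                "version": tls.version(),              # e.g. 'TLSv1.3'
                "cipher_suite": suite,                 # handshake step 2
                "key_bits": key_bits,
                "issuer": {k: v for rdn in cert["issuer"] for k, v in rdn},
                "san": san_dns_names(cert),
                "hostname_ok": hostname_matches(hostname, cert),
                "days_left": days_until_expiry(cert),
                "session_reused": tls.session_reused,  # True when resumption was used
            }


if __name__ == "__main__":
    import sys

    print(describe_context(make_client_context()))
    print("sample cert matches www.example.test:", hostname_matches("www.example.test", SAMPLE_CERT))
    if len(sys.argv) > 1:  # e.g. python tls_check.py example.com
        print(inspect_server(sys.argv[1]))
```

`ssl.create_default_context()` already enables hostname checking and certificate verification; the example sets them explicitly so the policy is visible at a glance, and adds the TLS 1.2 floor that the default context does not impose. The offline `hostname_matches` check mirrors what the library does for you when `check_hostname` is on, which is why the wildcard rule is written out.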

## Performance Impact of TLS

* Modern **TLS versions** (e.g., **TLS 1.3**) have minimal impact on web performance.
* **TLS False Start** and **Session Resumption** mitigate potential latency by speeding up the handshake.
* **TLS 1.3** improves speed with a 1-round-trip handshake and zero round trips for previously connected users.

## Implementing TLS

* **Cloudflare** offers free TLS/SSL certificates.
* Alternatively, businesses can acquire and install an **SSL certificate** from a **certificate authority** on their servers.
