
# TLS (Transport Layer Security)

## Transport Layer Security (TLS) Overview

* **TLS** is a widely used security protocol designed for ensuring privacy and data security in online communications.
* Primarily encrypts communication between web applications and servers (e.g., web browsers and websites).
* Other uses: Encrypting emails, messaging, and VoIP.
* **First introduced** in 1999 by the **Internet Engineering Task Force (IETF)**; latest version is **TLS 1.3** (published in 2018).

## TLS vs SSL

* **TLS** evolved from the earlier **SSL** protocol (Secure Sockets Layer), developed by Netscape.
* **TLS 1.0** started as **SSL 3.1**, but was renamed before release to disassociate from Netscape.
* **TLS** and **SSL** are often used interchangeably due to their close relationship.

## TLS vs HTTPS

* **HTTPS** is HTTP combined with **TLS encryption**.
* Any website using HTTPS is utilizing **TLS** to encrypt communication.

## Why Should Businesses Use TLS?

* **TLS encryption** protects against data breaches and cyberattacks.
* Major browsers (e.g., **Google Chrome**) warn users about non-HTTPS sites.
* **HTTPS padlock icon** is a sign of a secure, TLS-protected connection.

## TLS Components

1. **Encryption**: Hides transferred data from third parties.
2. **Authentication**: Verifies the identity of communicating parties.
3. **Integrity**: Ensures data has not been altered during transmission.

## TLS Certificates

* To use TLS, a website must have a **TLS certificate** (commonly referred to as an **SSL certificate**).
* Issued by **certificate authorities (CAs)** to the domain owner.
* Contains the domain’s ownership details and **public key** (used for encryption).

## How TLS Works

### TLS Handshake

* The handshake process establishes a secure connection between the user's device (client) and the web server.

1. **Specify TLS version** (e.g., TLS 1.0, 1.2, 1.3).
2. **Choose cipher suites**: Set of algorithms for encryption.
3. **Server authentication**: Verifies server’s identity using the **TLS certificate**.
4. **Generate session keys**: For encrypting messages after the handshake.

* **Public key cryptography**: The client uses the server's public key (taken from the certificate) to encrypt data that only the server's private key can decrypt.
* After encryption and authentication, each message carries a **Message Authentication Code (MAC)** so that tampering in transit is detected.
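The four handshake steps above carried out end to end, as an added example that is not part of these notes: a loopback server and client from Go's standard `crypto/tls` negotiate a version and cipher suite, and the client performs server authentication (step 3) against a throwaway certificate constructed in memory rather than one issued by a CA. The `Handshake` function and its `serverName` parameter are this example's own; calling it with a name the certificate does not cover shows the authentication step refusing the connection.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"time"
)

// Handshake runs a loopback TLS handshake against a throwaway "localhost" certificate made
// on the fly (constructed test data). The server accepts only TLS 1.3; the client trusts that
// certificate as its root and checks serverName against it. Returns the negotiated version
// (0x0304 = TLS 1.3) and cipher suite name, or the client's verification error.
func Handshake(serverName string) (uint16, string, error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // cannot fail with crypto/rand
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), DNSNames: []string{"localhost"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return 0, "", err
	}
	leaf, _ := x509.ParseCertificate(der) // our own DER; parsing cannot fail
	roots := x509.NewCertPool()
	roots.AddCert(leaf)
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv} // what the server presents
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS13})
	if err != nil {
		return 0, "", err
	}
	defer ln.Close()
	go func() { // accept one connection and complete the server half of the handshake
		if c, e := ln.Accept(); e == nil {
			c.(*tls.Conn).Handshake()
			c.Close()
		}
	}()
	cfg := &tls.Config{ServerName: serverName, RootCAs: roots, MinVersion: tls.VersionTLS12} // client: pinned root, name check
	conn, err := tls.Dial("tcp", ln.Addr().String(), cfg)
	if err != nil {
		return 0, "", err // e.g. "x509: certificate is valid for localhost, not ..."
	}
	defer conn.Close()
	st := conn.ConnectionState()
	return st.Version, tls.CipherSuiteName(st.CipherSuite), nil
}
```

`Handshake("localhost")` succeeds with version `0x0304` and a `TLS_*` suite name; `Handshake("example.invalid")` never reaches step 4, because the client aborts when the certificate does not match the requested name.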

## Performance Impact of TLS

* Modern **TLS versions** (e.g., **TLS 1.3**) have minimal impact on web performance.
* **TLS False Start** and **Session Resumption** mitigate potential latency by speeding up the handshake.
* **TLS 1.3** improves speed with a 1-round-trip handshake and zero round trips for previously connected users.

## Implementing TLS

* **Cloudflare** offers free TLS/SSL certificates.
* Alternatively, businesses can acquire and install an **SSL certificate** from a **certificate authority** on their servers.
