An introduction to SSL/TLS
Transport Layer Security (TLS) is the new name for Secure Sockets Layer (SSL). It provides a secure transport connection between applications with the following benefits:
SSL/TLS works on Layer 7 (the Application Layer) on behalf of the higher-level protocols
SSL/TLS provides confidentiality and integrity by encrypting communications
SSL/TLS allows client-side validation (optional) for closed use cases
SSL/TLS versions
Knowing the versions is extremely important while debugging handshake issues, as most handshake failures happen in this process.
Netscape developed the original SSL versions. Those versions and the later ones, with their RFC numbers, are shown in the following table:
Protocol | Year | RFC | Deprecated |
---|---|---|---|
SSL 1.0 | N/A | N/A | N/A |
SSL 2.0 | 1995 | N/A | Y (RFC 6176) |
SSL 3.0 | 1996 | RFC 6101 | Y (RFC 7568) |
TLS 1.0 | 1999 | RFC 2246 | N |
TLS 1.1 | 2006 | RFC 4346 | N |
TLS 1.2 | 2008 | RFC 5246 | N |
TLS 1.3 | TBD | DRAFT | N |
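When debugging a failed handshake, the version a peer offered or rejected can be read directly from the first bytes on the wire. The following is an added example, not code from the original text: it decodes the record-layer version, the hello version and a plaintext alert for the SSL 3.0 to TLS 1.2 entries in the table. The function names and the sample records are constructed for illustration.

```python
import struct

# Two-byte wire values for the protocol versions listed in the table above.
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello"}
ALERTS = {40: "handshake_failure", 70: "protocol_version"}

# Constructed sample records (not captured traffic). The hello body is cut
# down to its leading version field, which is all this decoder reads.
CLIENT_HELLO = bytes.fromhex("1603010006" "01000002" "0303")
FATAL_ALERT = bytes.fromhex("1503010002" "0246")


def version_name(major, minor):
    return VERSIONS.get((major, minor), "unknown (0x%02x%02x)" % (major, minor))


def parse_record(data):
    """Decode one TLS record header plus the version-relevant part of its body."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    body = data[5:5 + length]
    if len(body) < length:
        raise ValueError("truncated record body")
    info = {"type": CONTENT_TYPES.get(ctype, "unknown"),
            "record_version": version_name(major, minor)}
    if ctype == 22 and length >= 6:
        # Handshake header is msg_type (1 byte) + length (3 bytes); a
        # ClientHello or ServerHello then starts with its own version field,
        # which can differ from the record-layer version.
        info["handshake"] = HANDSHAKE_TYPES.get(body[0], "other")
        if body[0] in (1, 2):
            info["hello_version"] = version_name(body[4], body[5])
    elif ctype == 21 and length == 2:
        # Plaintext alert: level (1 = warning, 2 = fatal) + description.
        info["alert_level"] = "fatal" if body[0] == 2 else "warning"
        info["alert"] = ALERTS.get(body[1], "other (%d)" % body[1])
    return info


if __name__ == "__main__":
    for name, record in (("client hello", CLIENT_HELLO), ("alert", FATAL_ALERT)):
        print(name, parse_record(record))
```

In the constructed ClientHello the record layer says TLS 1.0 while the hello itself offers TLS 1.2, so the hello version is the field to compare against what the server supports. A fatal `protocol_version` alert in reply means the peer rejected the offered version.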
The SSL/TLS component
SSL/TLS is split into four major components, as shown in the...