TLS protocol overview
Transport Layer Security (TLS) is the most widely used protocol for implementing cryptography on the web. TLS uses a combination of cryptographic processes to provide secure communication over a network. This section provides an introduction to TLS and the cryptographic processes it uses.
TLS provides a secure enhancement to the standard TCP/IP sockets protocol used for Internet communications. As shown in the following table , the secure sockets layer is added between the transport layer and the application layer in the standard TCP/IP protocol stack. The application most commonly used with TLS is Hypertext Transfer Protocol (HTTP), the protocol for Internet web pages. Other applications, such as Net News Transfer Protocol (NNTP), Telnet, Lightweight Directory Access Protocol (LDAP), Interactive Message Access Protocol (IMAP), and File Transfer Protocol (FTP), can be used with TLS as well.
| TCP/IP Layer | Protocol |
|---|---|
| Application Layer | HTTP, NNTP, Telnet, FTP, and so on |
| Transport Layer Security | TLS |
| Transmission Control Protocol | TCP |
| Internet Layer | IP |
Secure Socket Layer (SSL) was developed by Netscape in 1994, and with input from the Internet
community, has evolved to become a standard. It is now under the control of the international
standards organization, the Internet Engineering Task Force (IETF). The IETF renamed SSL to TLS, and
released the first specification, version 1.0, in January 1999. TLS 1.0 is a modest upgrade to the
most recent version of SSL, version 3.0. This upgrade corrected defects in previous versions and
prohibited the use of known weak algorithms. TLS 1.1 was released in April 2006 and TLS 1.2 in
August 2008.
TLS 1.3 was released in August 2018. TLS 1.3 is a
major overhaul of the TLS protocol and provides significant security and performance improvements
over previous versions.