# SSL and TLS
## What is TLS
TLS, Transport Layer Security, is a cryptographic protocol that provides secure communication over a network. It is the successor to SSL, Secure Sockets Layer. Although SSL is technically obsolete and has been replaced by TLS, the term SSL is still commonly used colloquially to refer to TLS. TLS provides three security services simultaneously: confidentiality through encryption, integrity through message authentication codes, and authentication through certificates. TLS is used to secure HTTPS web connections, email, messaging, and many other internet protocols.
## TLS Handshake
Before encrypted communication can begin, the client and server perform a TLS handshake to establish the parameters for the secure session. The exact steps vary between TLS versions, but the general process for TLS 1.2 is as follows.

1. The client sends a ClientHello message specifying the TLS version, a random number, and a list of cipher suites the client supports.
2. The server responds with a ServerHello choosing the TLS version and cipher suite, followed by its certificate and possibly a certificate request.
3. The client verifies the server certificate against its list of trusted Certificate Authorities.
4. If the certificate is valid, the client generates a pre-master secret and sends it to the server encrypted with the server's public key.
5. Both sides independently compute the master secret and session keys from the pre-master secret and the random numbers exchanged earlier.
6. The client and server each send a Finished message, encrypted with the session key, confirming the handshake is complete.

Encrypted communication can now begin.
## TLS 1.3
TLS 1.3 was finalized in 2018 and provides significant improvements over TLS 1.2. The handshake is faster, requiring only one round trip instead of two before the client can send application data. TLS 1.3 removes support for legacy cipher suites with known weaknesses, including all cipher suites that do not provide forward secrecy. Forward secrecy means that even if the server's private key is later compromised, past session traffic cannot be decrypted because the session keys were ephemeral and not stored. TLS 1.3 is now the recommended version and older versions should be disabled.
## Certificate Validation
When a browser connects to an HTTPS website, it verifies the server's certificate. The browser checks that the certificate was signed by a Certificate Authority that the browser trusts, that the certificate has not expired, that the certificate has not been revoked, and that the domain name in the certificate matches the domain the user is trying to reach. If any of these checks fail, the browser displays a security warning.