Transport Layer Security
The Transport Layer Security (TLS) is the successor of the Secure Sockets Layer (SSL). The protocols define the mechanisms to ensure secure transmission of data over the internet. The standards are controlled by The Internet Engineering Task Force (IETF®).
The standard defines the negotiation handshake whch defines the encryption and protocol to be used to transmit data records. The varied nature of the implementations of the standard provides a venue for disruption, i.e., it is possible to promote successful attacks by CyberSecutity hackers.
SSL1, SSL2, SSL3 and TLS1.0 have known flaws. SSL was developed by Netscape in the 90’s and was a preliminary, and exploratory means to define secure communication. The ‘first on the block’ allowed for the inception and development of the concept and the implementation of the ideal, to promote secure transport of data. TLS1.0 corrected some of the flaws in SSL but, in an attempt to accommodate itself the US Government restrictions on the export of cryptographic materiel, had known weak encryption with hackable protocols.
The material here overlaps the material in the Modern Digital Cryptography and Modern Cryptanalysis sections of this web site. But there are parts of the Cryptology sphere of influence which most appropriately resides in this section, and in this section they have been put.
SSL and TLS1.0 and TLS1.1 have been included as reference material. TLS1.2 is the current standard, and TLS1.3 is the forthcoming standard under review.
Very roughly:
- Standards: Articles which are the TLS standard or describe the standard.
- Tutorials & Overviews: Gentle (or mostly gentle) matter which describes the protocols. “Light” reading for the unwary.
- Papers: Peer reviewed papers.
- Articles: None of the above.