Word of the Day: Transport Layer Security (TLS)

Word of the Day Daily updates on the latest technology terms |January 17, 2018

Transport Layer Security (TLS) Transport Layer Security (TLS) is a protocol that provides privacy and data integrity between two communicating applications. It's the most widely deployed security protocol used today, and is used for Web browsers and other applications that require data to be securely exchanged over a network, such as file transfers, VPN connections, instant messaging and voice over IP. TLS evolved from Netscape's Secure Sockets Layer (SSL) protocol and has largely superseded it, although the terms SSL or SSL/TLS are still sometimes used. Key differences between SSL and TLS that make TLS a more secure and efficient protocol are message authentication, key material generation and the supported cipher suites, with TLS supporting newer and more secure algorithms. TLS and SSL are not interoperable, though TLS currently provides some backward compatibility in order to work with legacy systems. According to the protocol specification, TLS is composed of two layers: the TLS Record Protocol and the TLS Handshake Protocol. The Record Protocol provides connection security, while the Handshake Protocol allows the server and client to authenticate each other and to negotiate encryption algorithms and cryptographic keys before any data is exchanged. The IETF officially took over the SSL protocol to standardize it with an open process and released version 3.1 of SSL in 1999 as TLS 1.0. The protocol was renamed TLS to avoid legal issues with Netscape, which developed the SSL protocol as a key feature part of its original Web browser. The last update for the TLS protocol (TLS 1.2) was issued in 2008. Since that time, the specification has undergone several changes as new issues with the protocol have been discovered. A draft for TLS 1.3 was issued in 2014 and the new version of the protocol, which is expected to be finalized in 2018, is expected to add several features that will help improve security, including support for Perfect Forward Secrecy and the pruning of obsolete and insecure algorithms. TLS 1.3 is also expected to speed up performance by simplifying the handshake process for encrypted connections. Quote of the Day "TLS and SSL have defined secure communications on the internet for decades. They enable everything from secure browsing to e-commerce to secure banking. Together, they are the backbone of the connected world." - Ed Moyle   Trending Terms Secure Sockets Layer backward compatible Heartbleed POODLE attack OpenSSL HTTPS   Learning Center TLS 1.3: What it means for enterprise cloud use TLS 1.3 is only in draft form right now, but it could potentially have a huge impact on cloud users and the monitoring controls they use. HTTPS interception gets a bad rap; now what? Should products intercept TLS connections to gain visibility into network traffic? Recent data on HTTPS interception, and U.S.-CERT, warn against it. Official TLS 1.3 release date: Still waiting, and that's OK Protocol scrutiny is good for the upcoming TLS 1.3 update as the process continues to expose, and fix, problems. TLS client authentication ensures secure IoT connection An expert said TLS client authentication could be used to ensure better IoT security with the thousands of IoT devices coming to market. Why do HTTPS interception tools weaken TLS security? HTTPS interception can weaken TLS security, even though it is supposed to protect websites. Here's a look at how that works and what to do about it. Writing for Business Many organizations don't give encryption a thought until they suffer a data _______. a. breach b. breech Answer   Stay In Touch For feedback about any of our definitions or to suggest a new definition, please contact me at: mrouse@techtarget.com   Visit the Word of the Day Archives and catch up on what you've missed!   FOLLOW US About This E-Newsletter This e-newsletter is published by the TechTarget network. To unsubscribe from Whatis.com, click here. Please note, this will not affect any other subscriptions you have signed up for. TechTarget, Whatis, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com Copyright 2016 TechTarget. All rights reserved.