Transport Layer Security (TLS) is a protocol that provides authentication, privacy, and data integrity between two communicating computer applications. TLS is the most widely deployed security protocol in use today. It is used by HTTPS to encrypt streams of network traffic between clients and servers and by SMTP Secure (SMTPS) to encrypt message exchanges between clients and servers.

TLS evolved from Netscape's Secure Sockets Layer (SSL) protocol and has largely superseded it, although the terms SSL or SSL/TLS are still sometimes used. Key differences between SSL and TLS that make TLS a more secure and efficient protocol include message authentication, key material generation, and cipher suites with newer, more secure algorithms. TLS and SSL are not interoperable, although TLS currently provides some backward compatibility in order to work with legacy systems.

Finalized in 2018, TLS 1.3 is the current version of the protocol. TLS 1.3 was developed to address various vulnerabilities that have been exposed over the past few years, reduce the chance of implementation errors, and remove features no longer needed. For example, MD5 cryptographic hashes are no longer supported, perfect forward secrecy is required, and RC4 negotiation is prohibited in TLS 1.3.
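To make the three TLS 1.3 changes named above concrete, the following added example (not part of the original post) audits a list of IANA cipher suite names and flags any that depend on RC4, an MD5 MAC, or a key exchange without forward secrecy. The function names and the sample list are assumptions made for illustration; the parsing covers the common RSA, DH, ECDH, DHE and ECDHE suite prefixes.

```python
"""Flag cipher suites that rely on features the text says TLS 1.3 dropped."""

# Key exchanges that use ephemeral keys and so provide forward secrecy.
EPHEMERAL_KX = {"DHE", "ECDHE"}

# Constructed sample: IANA suite names as a configuration scan might list them.
SAMPLE_OFFER = [
    "TLS_RSA_WITH_RC4_128_MD5",
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_AES_128_GCM_SHA256",
]


def audit_suite(name):
    """Return the legacy features a suite name implies (empty list if none)."""
    if not name.startswith("TLS_"):
        raise ValueError("not an IANA TLS cipher suite name: %r" % name)
    body = name[len("TLS_"):]
    if "_WITH_" not in body:
        # TLS 1.3 names are TLS_<AEAD>_<HASH>: no key exchange in the name,
        # and the static RSA/DH exchanges do not exist in that version.
        return []
    kx_auth, cipher_mac = body.split("_WITH_", 1)
    parts = cipher_mac.split("_")
    findings = []
    if "RC4" in parts:
        findings.append("RC4")
    if parts[-1] == "MD5":  # last token names the MAC/PRF hash
        findings.append("MD5")
    if kx_auth.split("_")[0] not in EPHEMERAL_KX:
        findings.append("no forward secrecy")
    return findings


def audit_offer(names):
    """Map each flagged suite to its findings; clean suites are omitted."""
    report = {}
    for name in names:
        findings = audit_suite(name)
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for suite, findings in audit_offer(SAMPLE_OFFER).items():
        print(suite, "->", ", ".join(findings))
```
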