Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), both of which are frequently referred to as ‘SSL’, are cryptographic protocols designed to provide communications security over a computer network.

The TLS protocol is composed of two layers: the TLS Record Protocol and the TLS Handshake Protocol.

Several versions of the protocols are in widespread use in applications such as web browsing, email, Internet faxing, instant messaging, and voice-over-IP (VoIP). Major websites (including Google, YouTube, Facebook and many others) use TLS to secure all communications between their servers and web browsers.

The primary goal of the TLS protocol is to provide privacy and data integrity between two communicating computer applications. The connection is reliable because each message transmitted includes a message integrity check using a message authentication code to prevent undetected loss or alteration of the data during transmission. The identity of the communicating parties can be authenticated using public key cryptography. This authentication can be made optional, but is generally required for at least one of the parties (typically the server).

TLS has a variety of security measures:

  1. Protection against a downgrade of the protocol to a previous (less secure) version or a weaker cipher suite.
  2. Numbering subsequent Application records with a sequence number and using this sequence number in the message authentication codes (MACs).
  3. The message that ends the handshake (“Finished”) sends a hash of all the exchanged handshake messages seen by both parties.