What is TLS and how it can prevent hackers steal your data
November 9, 2021
Bogdan Hasan

Perhaps you have seen while surfing on the internet messages such as “Warning: Potential Security Risk Ahead,” these threats can generate a bad experience for both clients and companies and give attackers the chance to steal your data. Today we will present TLS and how it can help both users and companies reach encrypted communication.

What is TLS?

 TLS – Transport Layer Security – (also known as SSL – Secure Sockets Layer) is a security protocol that operates right above the TCP – Transmission Control Protocol. This makes the high-level applications stay almost unchanged when securing the connection. A good example is HTTPS which is identical to HTTP underneath the TLS protocol.

 TLS is used to encrypt communication on Internet between clients and servers. It has a wide variety of use cases such as encrypting communication for web servers, file transfer protocols, chat applications, email, and more.

How TLS works?

 First, we need a certificate that stores information about the server's domain and its public key. A certificate can be self-signed or signed by a certificate authority (CA), an entity that verifies and validates the data presented in the certificate. The difference is the authority of the signature; self-signed certificates are primarily used for testing purposes, whereas the certificate signed by a CA is trusted over the Internet.

 Below is a screenshot when trying to access a web server that uses a self-signed certificate. The browser does not trust the entity that signed the certificate and warns the client that the communication is not secure.

 If the certificate is signed by a CA, then a lock will appear near the URL signaling that communication is secure.

 After we have obtained our certificates and the communication is initialized, a series of processes is known as TLS Handshake. During the handshake, the client and the server negotiate which version of the protocol they are going to use (TLS1.0, TLS1.1, TLS1.2 and TLS1.3 – the latest), decide which cipher suites (a set of algorithms which specifies details such as the encryption key and session key will be used for that session) will be used, authenticate the identity of the server trough the certificate presented, and generate session keys for encrypting messages between them after the handshake process is finished.

Why to use TLS?

 If communication is done in plain text, attackers can steal sensitive information you provide on the Internet, such as credit card information when making an only payment, read the messages you send and receive when chatting online and more.

 Below is an example of a simple client-server application where the client sends a message to the server in plain text.

 Here’s what happens when an attacker connected to the same network as the server or the client can see when he is capturing the traffic:

 The attacker can see exactly what messages the client and the server exchange between each other. This is a severe problem of security and intimacy.

 Now let's see what happens when the client and server exchange messages using the TLS protocol:

 The attacker can now only see random characters and symbols, and there is no way he could get what messages are sent.

TLSv1.2 vs. TLSv1.3 Is it worth the upgrade?

 The new version, TLS 1.3 (2018), is the result of a substantial redesign effort to eliminate a number of perpetual deficiencies from SSL 3.0 to TLS 1.2.

 The key differences between the newer version and the older version of the protocol are that in version 1.3 a set of cipher suites known to vulnerabilities were removed and newer and stronger ones were added. Another big difference is a more simplified handshake process which has a lot of advantages because, although simple to implement, TLS is a very complex protocol – is made of other several protocols (Handshake protocol, Change CipherSpec protocol, TLS Alert protocol, Application Data protocol and TLS Record protocol) – this increases latency. A more simplified handshake protocol means less latency.

Source: https://www.a10networks.com

 This also brings security improvements; even if attackers can't see what messages are being exchanged between clients and servers in TLSv1.2, they can still see the certificate presented by the server.

 In TLSv1.3, the certificate is also encrypted, making it invisible to traffic tracing.

Final words:

 TLS protocol has become a standard in applications that communicate over the Internet; it offers end-to-end communications security. Its wide variety of applicability and ease of implementation made it very popular, and it’s also very efficient; with the new version of the protocol, the latency between when the message was sent and when the message was received can almost be neglected.

Talk to the team