TLS (Transport Layer Security, RFC 8446)
Last updated
Last updated
Secure communication protocol over TCP/IP.
Created upon SSL V3 (Secure Sockets Layer).
Manages per-application secure sessions over TCP/IP.
Initially conceived for HTTP traffic.
Used for other traffic types.
There is a similar version for UDP (DTLS, RFC 6347).
Security mechanisms.
Communication confidentiality and integrity.
Key distribution.
Authentication of communication endpoints.
Servers (or, more frequently, services).
Client users.
Both with asymmetric key pairs, typically with certified public keys.
If a server supports a single algorithm, it is not expected for all clients to also support it.
More powerful/limited, older/newer.
The Ciphersuite concept allows the negotiation of mechanisms between client and server.
Both send their supported ciphersuites, and select one they both share.
TLS v1.3: O servido escolhe.
Example: ECDHE-RSA-AES128-GCM-SHA256.
Format:
Key negotiation algorithm: ECDHE.
Authentication algorithm: RSA.
Cifra algorithm, and cipher mode: AES-128 GCM.
Integrity control algorithm: SHA256.