IPFYI
🔒 Network Security 6 min de lecture

TLS/SSL Explained

How TLS secures internet communication through certificates, handshakes, and encryption.

What Is TLS/SSL?

TLS (Transport Layer Security) is the protocol that secures internet communications. It's the successor to SSL (Secure Sockets Layer). When you see the padlock icon in your browser, TLS is protecting your connection.

Despite SSL being deprecated since 2015, people still use "SSL" informally. In practice, all modern secure connections use TLS 1.2 or TLS 1.3.

The TLS Handshake

Before encrypted communication begins, the client and server perform a handshake to establish the encryption parameters.

TLS 1.2 Handshake (2 round trips)

  1. Client Hello — Client sends supported cipher suites and a random number
  2. Server Hello — Server chooses a cipher suite, sends its certificate
  3. Key Exchange — Client and server exchange key material
  4. Finished — Both sides confirm the handshake

TLS 1.3 Handshake (1 round trip)

TLS 1.3 reduces the handshake to a single round trip by combining steps, significantly reducing connection latency.

Certificates

A TLS certificate proves the server's identity. It contains:

  • Subject — The domain name the certificate is issued for
  • Issuer — The Certificate Authority (CA) that vouches for the server
  • Public key — Used during the key exchange
  • Validity period — Start and expiration dates
  • SANs — Subject Alternative Names (additional domains covered)

Certificates form a chain of trust: your browser trusts root CAs, which sign intermediate CAs, which sign server certificates.

Cipher Suites

A cipher suite specifies the algorithms used for each aspect of the secure connection:

TLS_AES_256_GCM_SHA384
│    │        │
│    │        └─ Hash algorithm (integrity)
│    └────────── Encryption algorithm (confidentiality)
└─────────────── Protocol

Modern recommended cipher suites use: - AES-256-GCM or ChaCha20-Poly1305 for encryption - ECDHE for key exchange (forward secrecy) - SHA-384 or SHA-256 for hashing

TLS Version Comparison

Version Year Status Round Trips
SSL 3.0 1996 Deprecated 2
TLS 1.0 1999 Deprecated 2
TLS 1.1 2006 Deprecated 2
TLS 1.2 2008 Active 2
TLS 1.3 2018 Recommended 1

Forward Secrecy

Perfect Forward Secrecy (PFS) ensures that even if the server's private key is compromised in the future, past encrypted sessions remain secure. TLS 1.3 mandates forward secrecy; TLS 1.2 supports it with ECDHE key exchange.

Voir aussi

SSL/TLS Certificate Glossaire DDoS Glossaire DNS Spoofing Glossaire Encryption Glossaire Firewall Glossaire HTTPS Glossaire Intrusion Detection System (IDS) Glossaire Man-in-the-Middle Attack Glossaire SSL vs TLS Comparer SFTP vs FTPS Comparer SSH vs Telnet Comparer IDS vs IPS Comparer