Transport Layer Security (TLS)

What is the Transport Layer

In the Open Systems Interconnection (OSI) model, the transport layer is most often referred to as Layer 4. It resides between the network layer and the session layer. Almost all modern authentication protocols rely heavily on transport layer security.

What is Transport Layer Security (TLS)

TLS is a protocol designed to provide communications security over a computer network. It is the successor to SSL. The protocol is defined here. It can provide privacy and data integrity between two communicating applications.

Why it is important

It allows unprotected protocols like HTTP to travel across a secure tunnel and adds the following features to HTTP:

  1. Server Authentication
    Make sure that we are talking to the server that we are expecting to call. Without TLS we have no guarantee that the server at the other end of the channel is the same server that we intended to call. This is achieved by using X.509 certificates.
  2. Integrity Protection
    Make sure that a middleman between client and server can't modify the content. This is also achieved by using X.509 certificates with hashed content.
  3. Replay Protection
    Make sure the same request can't be repeatedly sent to the server.
  4. Confidentiality
    Make sure the messages the client sends to the server are properly encrypted so that nobody in the middle can see the content on the wire.

In modern web applications TLS is a must, ensuring Confidentiality and Integrity without affecting Availability.
