Cryptography, TLS, SSL – In this blog post we will look at the following question from a fundamental point of view.
What is Cryptography, TLS/SSL?
So let’s start.
Cryptography is the technique of securing information and communications through the use of mathematical algorithms so that only those people for whom the information is intended can understand it and process it.
This way we can prevent unauthorized access to information.
The prefix “crypt” means “hidden” and the suffix “graphy” means “writing”.
Following are the features of Cryptography that we can use:
Confidentiality: Information can be accessed only by the person for whom it is intended, and by no one else.
Integrity: Information at rest or in transit cannot be modified between the sender and the intended receiver, which plays a vital role in assuring users of the data's integrity.
Non-repudiation: Once the data is transmitted, the sender cannot later deny having sent it.
Authentication: Both the sender and the receiver need to authenticate their identities for the data that is transmitted and received.
Types Of Cryptography:
Symmetric Key Cryptography: In symmetric cryptography, both the sender and the receiver use the same key for encryption and decryption. This is fast and simple; however, the sender and receiver have to exchange the key in a secure manner.
Asymmetric Key Cryptography: In this type of cryptography, two separate keys are used for encryption and decryption, i.e. a public key and a private key.
The public key is used for encryption and the private key for decryption.
Even if everyone knows the public key, only the intended receiver, who holds the private key, can decrypt the information.
I think we now have a fundamental knowledge of cryptography. Let's now talk about TLS and SSL.
I think we should first clear up the difference between TLS and SSL. So let's discuss…
TLS (Transport Layer Security) and SSL (Secure Sockets Layer), are cryptographic protocols for securing connections between clients and servers communicating over a network.
TLS is actually just a more recent version of SSL. Below is a picture of SSL/TLS evolution.
Hence SSL is called the predecessor of TLS, and TLS uses a stronger encryption algorithm than SSL to provide a more secure connection between client and server.
As of today, all versions of SSL are completely deprecated, and TLS 1.3 is the latest version, used for the highest level of secure encryption.
In a nutshell, SSL is obsolete, and TLS is the new name of the older SSL protocol: the modern encryption standard that everybody uses.
Here’s the full history of SSL and TLS releases:
- SSL 1.0 – never publicly released due to security issues.
- SSL 2.0 – released in 1995. Deprecated in 2011. Has known security issues.
- SSL 3.0 – released in 1996. Deprecated in 2015. Has known security issues.
- TLS 1.0 – released in 1999 as an upgrade to SSL 3.0. Planned deprecation in 2020.
- TLS 1.1 – released in 2006. Planned deprecation in 2020.
- TLS 1.2 – released in 2008.
- TLS 1.3 – released in 2018.
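As an added example (not part of the original post), this is how a Python client can be restricted to the non-deprecated versions in the list above, and how a version range can be checked against that list. The function names `permitted`, `hardened_client_context` and `audit` are illustrative.

```python
import ssl

# Versions the release history above marks as deprecated. SSL 2.0 has no
# member in Python's ssl.TLSVersion enum, so it cannot be selected here.
DEPRECATED = {ssl.TLSVersion.SSLv3: "SSL 3.0",
              ssl.TLSVersion.TLSv1: "TLS 1.0",
              ssl.TLSVersion.TLSv1_1: "TLS 1.1"}
SUPPORTED = {ssl.TLSVersion.TLSv1_2: "TLS 1.2",
             ssl.TLSVersion.TLSv1_3: "TLS 1.3"}

def permitted(minimum, maximum):
    """Split the versions inside [minimum, maximum] into (supported, deprecated)."""
    # MINIMUM_SUPPORTED / MAXIMUM_SUPPORTED are sentinels meaning "no bound set".
    lo = min(DEPRECATED) if minimum == ssl.TLSVersion.MINIMUM_SUPPORTED else minimum
    hi = max(SUPPORTED) if maximum == ssl.TLSVersion.MAXIMUM_SUPPORTED else maximum
    ok = [name for v, name in sorted(SUPPORTED.items()) if lo <= v <= hi]
    bad = [name for v, name in sorted(DEPRECATED.items()) if lo <= v <= hi]
    return ok, bad

def hardened_client_context():
    """Client context that verifies certificates and refuses anything below TLS 1.2."""
    ctx = ssl.create_default_context()        # certificate + hostname checks on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def audit(ctx):
    """Report which listed versions an existing SSLContext would negotiate."""
    return permitted(ctx.minimum_version, ctx.maximum_version)

if __name__ == "__main__":
    # Weak setting: no bounds at all, so every deprecated version is in range.
    print("unbounded:", permitted(ssl.TLSVersion.MINIMUM_SUPPORTED,
                                  ssl.TLSVersion.MAXIMUM_SUPPORTED))
    # Corrected setting: the deprecated list comes back empty.
    print("hardened :", audit(hardened_client_context()))
```
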
Are SSL and TLS Different Cryptographically?
Yes. The difference between each version of the protocol may not be huge, but if you compare SSL 2.0 with TLS 1.3 you will find a few technical differences.
The concept is the same through each version. It’s just the way the different protocols go about accomplishing the task of encrypting connections.
SSL and TLS simply refer to the handshake that takes place between a client and a server. The handshake doesn't actually do any encryption itself; it just agrees on a shared secret and the type of encryption that is going to be used.
An SSL handshake uses a port to make its connections. This is called an explicit connection. Port 443 is the standard port for HTTPS (you can use your own from the defined port range 0-65535).
The very first step of the handshake is the client-hello. With TLS this is sent via an insecure channel and the connection switches to port 443 (or the port you’ve designated) once the handshake has begun.
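The client-hello is sent in the clear, so a monitoring tool can read which protocol versions a client is offering. The following added example (not from the original post) parses a ClientHello record and flags offers of the deprecated versions from the history list; it relies on the RFC 8446 rule that a TLS 1.3 client lists its versions in the supported_versions extension (type 43). The sample records are constructed by `build_client_hello`, and all function names are illustrative.

```python
import struct

NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
         0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
DEPRECATED = {0x0300, 0x0301, 0x0302}   # per the release history in the post

def build_client_hello(legacy_version, supported=()):
    """Constructed sample: a minimal ClientHello record (not a real capture)."""
    ext = b""
    if supported:                        # supported_versions extension, type 43
        body = struct.pack("!B", 2 * len(supported)) + b"".join(
            struct.pack("!H", v) for v in supported)
        ext = struct.pack("!HH", 43, len(body)) + body
    hello = (struct.pack("!H", legacy_version) + bytes(32)  # version + random
             + b"\x00"                                       # empty session id
             + struct.pack("!HH", 2, 0x1301)                 # one cipher suite
             + b"\x01\x00"                                   # null compression
             + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello     # handshake header
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs # record header

def offered_versions(record):
    """Return the protocol versions a ClientHello record offers, highest first."""
    if len(record) < 11 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    legacy = struct.unpack_from("!H", record, 9)[0]
    pos = 11 + 32                                        # skip version, random
    pos += 1 + record[pos]                               # session id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]  # cipher suites
    pos += 1 + record[pos]                               # compression methods
    versions = [legacy]
    if pos + 2 <= len(record):                           # extensions optional
        end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", record, pos)
            if etype == 43:               # this list overrides the legacy field
                n = record[pos + 4]
                versions = [struct.unpack_from("!H", record, pos + 5 + i)[0]
                            for i in range(0, n, 2)]
            pos += 4 + elen
    return sorted(versions, reverse=True)

def deprecated_offers(record):
    """Names of deprecated versions the client is still willing to speak."""
    return [NAMES[v] for v in offered_versions(record) if v in DEPRECATED]
```
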
Traditionally, the handshake has involved several roundtrips as authentication and key exchange take place. With SSL, this added latency to connections. That’s where the myth originated that SSL/HTTPS slows down your website. Each new version of the protocol has worked to reduce the latency added by the handshake. By TLS 1.2, it was proven that HTTPS was actually FASTER than HTTP owing to its compatibility with HTTP/2.
TLS 1.3 has refined the handshake even further. It can now be accomplished with a single roundtrip and enables Zero roundtrip resumption (0-RTT). This was done by reducing the number of cipher suites it supports.
Let's stop here. I have tried to give a fundamental knowledge of TLS/SSL and cryptography, but of course you need to explore further to know more about it.