Progressive Web Application Development by Example

How does TLS work?

TLS is an encryption protocol that works on top of TCP and sometimes UDP as well. Because it sits on top of the transport layer, protocols higher in the stack, such as HTTP, can remain unchanged.

The protocol hides the actual data being sent across the wire. An attacker watching the traffic can see only the port, domain, and IP address involved in the connection. They could also track how much data is being transferred.

Once the TCP connection is established, the TLS handshake is started by the client (through the browser or another user agent client application). The client starts the TLS conversation by asking a series of questions:

  • Which version of SSL/TLS is it running?
  • What cipher suites does it want to use?
  • What compression methods does it want to use?

The client chooses the highest level of the TLS protocol supported by both the client and server. The compression method is also selected.
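The three questions above map to fields of the ClientHello message that opens the handshake. The following sketch is an added example, not code from the book: it parses a constructed TLS 1.2-style ClientHello and applies a hypothetical server policy (`negotiate`, `SERVER` and the sample bytes are all assumptions made for illustration).

```javascript
// Constructed lookup tables and sample bytes; nothing here is a real capture.
const SUITES = {
  0xc02f: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
  0xc030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
  0x002f: "TLS_RSA_WITH_AES_128_CBC_SHA",
};
const VERSIONS = { 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2" };

function buildSampleClientHello() {
  const body = [
    0x03, 0x03,                                     // client_version: TLS 1.2
    ...new Array(32).fill(0xab),                    // random (constructed filler)
    0x00,                                           // empty session_id
    0x00, 0x06, 0xc0, 0x30, 0xc0, 0x2f, 0x00, 0x2f, // three cipher suites
    0x01, 0x00,                                     // one compression method: null
  ];
  const hs = [0x01, 0x00, 0x00, body.length, ...body]; // handshake type 1
  return Uint8Array.from([0x16, 0x03, 0x01, 0x00, hs.length, ...hs]);
}

function parseClientHello(bytes) {
  const v = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  if (v.getUint8(0) !== 0x16) throw new Error("not a handshake record");
  if (v.getUint16(3) !== bytes.length - 5) throw new Error("bad record length");
  if (v.getUint8(5) !== 0x01) throw new Error("not a ClientHello");
  let p = 9;                                   // record (5) + handshake (4) headers
  const version = v.getUint16(p); p += 2 + 32; // read version, skip random
  p += 1 + v.getUint8(p);                      // skip session_id
  const suiteBytes = v.getUint16(p); p += 2;
  if (suiteBytes % 2 || p + suiteBytes > bytes.length) throw new Error("bad suite list");
  const suites = [];
  for (let i = 0; i < suiteBytes; i += 2) suites.push(v.getUint16(p + i));
  p += suiteBytes;
  const n = v.getUint8(p); p += 1;
  const compression = Array.from(bytes.subarray(p, p + n));
  return { version, suites, compression };
}

// Hypothetical policy: highest version both sides support, first preferred
// suite the client offered, and no TLS-level compression.
function negotiate(hello, server) {
  const version = Math.min(hello.version, server.maxVersion);
  if (version < server.minVersion) throw new Error("no common protocol version");
  const suite = server.suites.find((s) => hello.suites.includes(s));
  if (suite === undefined) throw new Error("no common cipher suite");
  if (!hello.compression.includes(0)) throw new Error("null compression not offered");
  return { version: VERSIONS[version], suite: SUITES[suite], compression: "null" };
}
const SERVER = { minVersion: 0x0303, maxVersion: 0x0303, suites: [0xc02f, 0xc030] };
console.log(negotiate(parseClientHello(buildSampleClientHello()), SERVER));
```

Failing the handshake when no acceptable version or suite is shared, rather than falling back to a weaker one, is what keeps a connection from being negotiated below the configured floor.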

Once the initial TLS connection is established, the client requests the server's certificate. The certificate must be trusted by the client or by an authority that the client trusts. Examples of certificate authorities are Network Solutions, GeoTrust, Let's Encrypt, and Amazon.

After the certificate is verified, an encryption key is exchanged. The key depends on the cipher that is chosen. Once the key is exchanged, the client and server are able to perform symmetric encryption.

The client tells the server that all future communications are to be encrypted.

The client and server perform a final verification in which the client's MAC address is verified by the server. The server receives an initial authentication message from the client that is decrypted and sent back to the client for verification.

Encryption keys are generated uniquely for each connection, and are based on the authentication message. Assuming the handshake completes successfully, the client and the server can now communicate securely.

Secure TLS connections between the client and server have at least one of the following properties:

  • The connection is secure because symmetric cryptography is used to encrypt the transmitted data. The negotiation of a shared secret is both secure and reliable (the negotiated secret is unavailable to eavesdroppers, and no attacker can modify the communications during the negotiation without being detected).
  • Public-key cryptography is used to authenticate the identity of the communicating parties. The authentication procedure could be made optional, but typically it is required for the server.
  • To prevent the undetected loss or alteration of the data during transmission, each transmitted message includes a message integrity check using a message authentication code.