TLS is the successor of Secure Socket Layer (SSL), which is now deprecated.

HTTPS is built on top of TLS.


TLS Security

TLS provides the confidentiality and integrity properties of the CIA triad and, in addition, supports authentication of the server.

It

  • encrypts data so it looks like random gibberish to anyone without the correct key
  • includes integrity checks to detect tampering; any such detection typically results in the connection being terminated
  • relies on digital certificates signed by trusted Certificate Authorities (CAs), to allow clients to verify the identity of the server

Confidentiality

TLS uses a handshake with an asymmetric cipher to negotiate cipher settings and establish a session-specific shared key, with which further communication is encrypted using a symmetric cipher.

Before any data leaves the device, TLS uses the shared symmetric key to encrypt the plaintext message into a ciphertext :

Info

The shared symmetric key is generated on the fly during the handshake and is unique per session. Without the key, there is no feasible way to recover .

Modern TLS versions use authenticated-encryption algorithms such as AES-GCM or ChaCha20-Poly1305, which handle both encryption and integrity in one efficient step.

Integrity

Encryption alone can’t guarantee that data is not altered. TLS computes an authentication tag over the ciphertext (and any associated header data):

When the receiver gets message and tag , it first verifies the tag.
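The record protection described in the Confidentiality and Integrity sections, as an added example that is not part of the original notes: AES-GCM from Go's standard library encrypts one record, the record header rides along in the clear as associated data, and the receiver verifies the tag before releasing any plaintext. The session key and the record header are constructed values, and the nonce is random here whereas TLS derives it from the record sequence number.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// newAEAD builds the AES-GCM authenticated-encryption primitive for a session key.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealRecord encrypts one record; the header is associated data (sent in the clear but covered by the tag). Layout: nonce || ciphertext || tag.
func sealRecord(key, header, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize()) // random here; TLS 1.3 derives the nonce from the record sequence number
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, header), nil
}

// openRecord verifies the tag before releasing any plaintext; a TLS endpoint that gets an error here sends a bad_record_mac alert and closes the connection.
func openRecord(key, header, record []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(record) < n+aead.Overhead() {
		return nil, fmt.Errorf("record too short: %d bytes", len(record))
	}
	return aead.Open(nil, record[:n], record[n:], header)
}

func main() {
	key := make([]byte, 32)
	rand.Read(key) // constructed session key; a real one comes out of the handshake
	header := []byte{0x17, 0x03, 0x03, 0x00, 0x15} // constructed record header, sent in the clear
	rec, _ := sealRecord(key, header, []byte("GET / HTTP/1.1\r\n"))
	rec[len(rec)-1] ^= 0x01                    // flip one bit of the tag in transit
	fmt.Println(openRecord(key, header, rec)) // [] cipher: message authentication failed
}
```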

Authentication

TLS uses digital certificates to ensure the client is communicating with the legitimate server and not an impostor. Each certificate is cryptographically signed by a trusted Certificate Authority (CA), and it binds a domain name (e.g., lesleylai.info) to a public key.

The client verifies the certificate chain against its built-in list of trusted root CAs. A valid signature confirms that the server possesses the corresponding private key, which helps prevent man-in-the-middle and impersonation attacks.